[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

The state-level attack on the SSL CA security model

Subject: The state-level attack on the SSL CA security model
From: joseph.sniderman at thoroquel.org (Joe Sniderman)
Date: Fri, 25 Mar 2011 23:36:12 -0400
In-reply-to: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <21155.1301069099@localhost> <[email protected]> <[email protected]>

On 03/25/2011 11:12 PM, Steven Bellovin wrote:
> 
> On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote:
> 
>> One could argue that you could try something like the facebook
>> model (or facebook itself). I can see it coming. Facebook web of
>> trust app ;-)
>> 
> Except, of course, for the fact that people tend to have hundreds of
> "friends", many of whom they don't know at all, and who achieved that
> status simply by asking.  You need a much stronger notion of
> interaction, to say nothing of what the malware in your "friends'"
> computers are doing to simulate such interaction.

Then again there are all the "friend us for a chance to win $prize"
gimmicks... not a far jump to "friend us, _with trust bits enabled_ for
a chance to win $prize"

Yeah sounds like a wonderful idea. :P

-- 
Joe Sniderman <joseph.sniderman at thoroquel.org>

Follow-Ups:
- The state-level attack on the SSL CA security model
  - From: fmartin at linkedin.com (Franck Martin)

References:
- The state-level attack on the SSL CA security model
  - From: millnert at gmail.com (Martin Millnert)
- The state-level attack on the SSL CA security model
  - From: rdobbins at arbor.net (Dobbins, Roland)
- The state-level attack on the SSL CA security model
  - From: joakim at aronius.se (Joakim Aronius)
- The state-level attack on the SSL CA security model
  - From: rdobbins at arbor.net (Dobbins, Roland)
- The state-level attack on the SSL CA security model
  - From: bora at pnl.gov (Akyol, Bora A)
- The state-level attack on the SSL CA security model
  - From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks at vt.edu)
- The state-level attack on the SSL CA security model
  - From: bora at pnl.gov (Akyol, Bora A)
- The state-level attack on the SSL CA security model
  - From: smb at cs.columbia.edu (Steven Bellovin)

Prev by Date: The state-level attack on the SSL CA security model
Next by Date: The state-level attack on the SSL CA security model
Previous by thread: The state-level attack on the SSL CA security model
Next by thread: The state-level attack on the SSL CA security model
Index(es):
- Date
- Thread