The state-level attack on the SSL CA security model

• Previous message (by thread): The state-level attack on the SSL CA security model
• Next message (by thread): The state-level attack on the SSL CA security model
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/23/2011 11:05 PM, Martin Millnert wrote:
> To my surprise, I did not see a mention in this community of the
> latest proof of the complete failure of the SSL CA model to actually
> do what it is supposed to: provide security, rather than a false sense
> of security.

This story strikes me as a success - the certs were revoked immediately, 
and it took a surprisingly short amount of time for security fixes to 
appear all over the place.

 >  In some places, failure of internet security means people die

Those people know that using highly visible services like gmail and 
skype is asking to be exposed...

-- 
Harald

• Previous message (by thread): The state-level attack on the SSL CA security model
• Next message (by thread): The state-level attack on the SSL CA security model
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]