Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

Valdis.Kletnieks at Valdis.Kletnieks at
Fri Jan 2 16:44:33 UTC 2009

On Fri, 02 Jan 2009 09:58:05 CST, Joe Greco said:

> Anyways, I was under the impression that the whole purpose of the
> revocation capabilities of SSL was to deal with problems like this, and
> that a large part of the justification of the cost of an SSL certificate
> was the administrative burden associated with guaranteeing and maintaining
> the security of the chain.

What percentage of deployed browsers handle CRL's correctly?

Consider this snippet from the page (section 6.1):

"One interesting observation from our work is that the rogue certificate we
have created is very hard to revoke using the revocation mechanism available in
common browsers. There are two protocols for certificate revocation, CRL and
OSCP. Until Firefox 3 and IE 7, certificate revocation was disabled by default.
Even in the latest versions, the browsers rely on the certificate to include a
URL pointing to a revocation server. Our rogue CA certificate had very limited
space and it was impossible to include such a URL, which means that by default
both Internet Explorer and Firefox are unable to find a revocation server to
check our certificate against."

Hmm... so basically all deployed FireFox and IE either don't even try to do
a CRL, or they ask the dodgy certificate "Who can I ask if you're dodgy?"

What's wrong with this picture?  (Personally, I consider this a potentially
bigger problem than the MD5 issue...)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <>

More information about the NANOG mailing list