Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
Deepak Jain
deepak at ai.net
Fri Jan 2 20:49:24 UTC 2009
> Of course, this will just make the browsers pop up dialog boxes which
> everyone will click OK on...
>
And brings us to an even more interesting question, since everything is trusting their in-browser root CAs and such. How trustable is the auto-update process? If one does provoke a mass-revocation of certificates and everyone needs to update their browsers... how do the auto-update daemons *know* that what they are getting is the real deal?
[I haven't looked into this, just bringing it up. I'm almost certain it's less secure than the joke that is SSL certification].
Happy New Year!
Deepak