Security team successfully cracks SSL using 200 PS3's and MD5

Florian Weimer fw at deneb.enyo.de
Sat Jan 3 13:57:59 UTC 2009


* Joe Greco:

>> A CA statement that they won't issue MD5-signed certificates in the
>> future should be sufficient.  There's no need to reissue old
>> certificates, unless the CA thinks other customers have attacked it.
>
> That would seem to be at odds with what the people who documented this 
> problem believe.

What do they believe?  That the CA should reissue certificates even if
the CA assumes that there haven't been other attacks?  Or that the CA
should not reissue, despite evidence of other attacks?




More information about the NANOG mailing list