Security team successfully cracks SSL using 200 PS3's and MD5

Joe Abley jabley at hopcount.ca
Mon Jan 5 14:39:37 CST 2009


On 2009-01-05, at 15:18, Jason Uhlenkott wrote:

> If we had DNSSEC, we could do away with SSL CAs entirely.  The owner
> of each domain or host could publish a self-signed cert in a TXT RR,

... or even in a CERT RR, as I heard various clever people talking  
about in some virtual hallway the other day. <http://www.isi.edu/in-notes/rfc2538.txt 
 >.

> and the DNS chain of trust would be the only form of validation  
> needed.


Joe





More information about the NANOG mailing list