Security team successfully cracks SSL using 200 PS3's and MD5

Joe Abley jabley at
Mon Jan 5 20:59:54 UTC 2009

On 2009-01-05, at 15:47, Randy Bush wrote:

> perhaps i am a bit slow.  but could someone explain to me how trust  
> in dns data transfers to trust in an http partner and other uses to  
> which ssl is put?

If I can get secure answers to " IN CERT?" and " 
  IN A?" then perhaps when I connect to I can  
decide to trust the certificate presented by the server based on the  
trust anchor I extracted from the DNS, rather than whatever trust  
anchors were bundled with my browser.

That presumably would mean that the organisation responsible for  
bank.example could run their own CA and publish their own trust  
anchor, without having to buy that service from one of the traditional  
CA companies.

No doubt there is more to it than that. I don't know anything much  
about X.509.


More information about the NANOG mailing list