Security team successfully cracks SSL using 200 PS3's and MD5

Mark Andrews Mark_Andrews at isc.org
Mon Jan 5 16:43:51 CST 2009


In message <20090105201859.GC15107 at ferrum.uhlenkott.net>, Jason Uhlenkott writes:
> On Fri, Jan 02, 2009 at 15:33:05 -0600, Joe Greco wrote:
> > This would seem to point out some critical shortcomings in the current SSL
> > system; these shortcomings are not necessarily technological, but rather
> > social/psychological.  We need the ability for Tom, Dick, or Harry to be
> > able to crank out a SSL cert with a minimum of fuss or cost; having to 
> > learn the complexities of SSL is itself a "fuss" which has significantly 
> > and negatively impacted Internet security.
> > 
> > Somehow, we managed to figure out how to do this with PGP and keysigning,
> > but it all fell apart (I can hear the "it doesn't scale" already) with SSL.
> 
> If we had DNSSEC, we could do away with SSL CAs entirely.  The owner
> of each domain or host could publish a self-signed cert in a TXT RR,
> and the DNS chain of trust would be the only form of validation needed.
 
Or one could use the CERT to publish a cert :-)

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
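
The idea discussed in this thread, as an added example that is not part of the original messages: a client-side check that accepts a server certificate only when it equals one published in a DNSSEC-validated CERT record (RFC 4398 presentation format). The function names, the `dnssec_validated` flag (assumed to come from a validating resolver) and the sample record are assumptions constructed for illustration.

```python
import base64
import hmac

# CERT RR certificate-type mnemonics from RFC 4398, section 2.1
CERT_TYPES = {"PKIX": 1, "SPKI": 2, "PGP": 3, "IPKIX": 4, "ISPKI": 5,
              "IPGP": 6, "ACPKIX": 7, "IACPKIX": 8, "URI": 253, "OID": 254}


def parse_cert_rdata(rdata):
    """Parse CERT RDATA in presentation form: type key-tag algorithm base64."""
    fields = rdata.split()
    if len(fields) < 4:
        raise ValueError("CERT RDATA needs type, key tag, algorithm, certificate")
    ctype, key_tag, algorithm = fields[0], fields[1], fields[2]
    type_code = CERT_TYPES.get(ctype.upper())
    if type_code is None:
        type_code = int(ctype)  # a numeric type is also allowed
    # The base64 field may be split into several whitespace-separated chunks.
    der = base64.b64decode("".join(fields[3:]), validate=True)
    return {"type": type_code, "key_tag": int(key_tag),
            "algorithm": algorithm, "certificate": der}


def cert_matches_dns(rdata_list, presented_der, dnssec_validated):
    """True only if a DNSSEC-validated PKIX CERT record equals the presented cert."""
    if not dnssec_validated:
        return False  # unsigned DNS data proves nothing about the host
    for rdata in rdata_list:
        try:
            rr = parse_cert_rdata(rdata)
        except ValueError:
            continue  # skip malformed records instead of trusting them
        if rr["type"] == CERT_TYPES["PKIX"] and hmac.compare_digest(
                rr["certificate"], presented_der):
            return True
    return False


# Constructed sample: placeholder bytes standing in for a DER certificate.
SAMPLE_DER = b"\x30\x82constructed-placeholder-not-a-real-certificate"
SAMPLE_RDATA = "PKIX 0 0 " + base64.b64encode(SAMPLE_DER).decode()

if __name__ == "__main__":
    print(cert_matches_dns([SAMPLE_RDATA], SAMPLE_DER, dnssec_validated=True))
    print(cert_matches_dns([SAMPLE_RDATA], SAMPLE_DER, dnssec_validated=False))
```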




More information about the NANOG mailing list