Security team successfully cracks SSL using 200 PS3's and MD5
Mark_Andrews at isc.org
Mon Jan 5 16:43:51 CST 2009
In message <20090105201859.GC15107 at ferrum.uhlenkott.net>, Jason Uhlenkott writes:
> On Fri, Jan 02, 2009 at 15:33:05 -0600, Joe Greco wrote:
> > This would seem to point out some critical shortcomings in the current SSL
> > system; these shortcomings are not necessarily technological, but rather
> > social/psychological. We need the ability for Tom, Dick, or Harry to be
> > able to crank out a SSL cert with a minimum of fuss or cost; having to
> > learn the complexities of SSL is itself a "fuss" which has significantly
> > and negatively impacted Internet security.
> > Somehow, we managed to figure out how to do this with PGP and keysigning,
> > but it all fell apart (I can hear the "it doesn't scale" already) with SSL.
> If we had DNSSEC, we could do away with SSL CAs entirely. The owner
> of each domain or host could publish a self-signed cert in a TXT RR,
> and the DNS chain of trust would be the only form of validation needed.
Or one could use the CERT to publish a cert :-)
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
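
Added example, not part of the original message: the CERT resource record (RFC 4398) that the reply refers to, packed, parsed and rendered in zone-file form in Python. The owner name, TTL, helper names and the five-byte stand-in for a DER certificate are constructed placeholders.

```python
import base64
import struct

# CERT RR certificate-type mnemonics from RFC 4398 (subset).
CERT_TYPES = {1: "PKIX", 2: "SPKI", 3: "PGP"}

# Constructed stand-in for a DER certificate (not a real cert).
SAMPLE_DER = bytes.fromhex("3003020101")


def pack_cert_rdata(cert_type, key_tag, algorithm, cert):
    """Wire format: type (16 bits), key tag (16 bits), algorithm (8 bits), cert."""
    return struct.pack("!HHB", cert_type, key_tag, algorithm) + cert


def parse_cert_rdata(rdata):
    """Split CERT RDATA into its fields, rejecting truncated or empty records."""
    if len(rdata) <= 5:
        raise ValueError("CERT RDATA too short")
    cert_type, key_tag, algorithm = struct.unpack("!HHB", rdata[:5])
    return cert_type, key_tag, algorithm, rdata[5:]


def to_zone_line(owner, ttl, rdata):
    """Presentation form: type, key tag, algorithm, base64 certificate."""
    cert_type, key_tag, algorithm, cert = parse_cert_rdata(rdata)
    mnemonic = CERT_TYPES.get(cert_type, str(cert_type))
    b64 = base64.b64encode(cert).decode("ascii")
    return f"{owner} {ttl} IN CERT {mnemonic} {key_tag} {algorithm} {b64}"


def matches_published(rdata, presented_der):
    """True only if the server's DER cert equals the PKIX cert held in DNS.

    The comparison is meaningful only when the CERT RRset was itself
    DNSSEC-validated; an unsigned answer proves nothing.
    """
    cert_type, _, _, cert = parse_cert_rdata(rdata)
    return cert_type == 1 and cert == presented_der


if __name__ == "__main__":
    # Key tag and algorithm are 0: the cert's key is not used as a DNSSEC key.
    rdata = pack_cert_rdata(1, 0, 0, SAMPLE_DER)
    print(to_zone_line("www.example.com.", 3600, rdata))
    print(matches_published(rdata, SAMPLE_DER))
```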
More information about the NANOG