The state-level attack on the SSL CA security model

Dobbins, Roland rdobbins at arbor.net
Wed Mar 23 23:13:37 CDT 2011


On Mar 24, 2011, at 11:05 AM, Martin Millnert wrote:

> Announcing this high and loud even before fixes were available would not have exposed more users to threats, but less.


An argument against doing this prior to fixes being available is that miscreants who didn't know about this previously would be alerted to the possibility of using one of these certs (assuming they could get their hands on one) in conjunction with name resolution manipulation.

Note that announcing this prior to fixes would've dramatically increased the resale value of these certificates in the underground economy, making them much more attractive/lucrative.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>

		The basis of optimism is sheer terror.

			  -- Oscar Wilde





More information about the NANOG mailing list