The state-level attack on the SSL CA security model

Richard Barnes richard.barnes at
Thu Mar 24 09:59:45 CDT 2011

Which is especially funny since Comodo is citing the fact that they've
had no OCSP requests for the bad certs as evidence that they haven't
been used.


On Thu, Mar 24, 2011 at 10:53 AM, Tony Finch <dot at> wrote:
> Harald Koch <chk at> wrote:
>> This story strikes me as a success - the certs were revoked immediately, and
>> it took a surprisingly short amount of time for security fixes to appear all
>> over the place.
> It would have been much easier if certificate revocation actually worked
> properly.
> Tony.
> --
> f.anthony.n.finch  <dot at>
> Viking, North Utsire, South Utsire: Westerly veering northerly, 4 or 5,
> occasionally 6 at first. Moderate or rough. Occasional rain. Moderate or good,
> occasionally poor at first.

More information about the NANOG mailing list