Microsoft deems all DigiNotar certificates untrustworthy, releases

Chris Adams cmadams at hiwaay.net
Tue Sep 13 15:17:02 UTC 2011


Once upon a time, Brett Frankenberger <rbf+nanog at panix.com> said:
> On Tue, Sep 13, 2011 at 09:45:39AM -0500, Chris Adams wrote:
> > Once upon a time, Tei <oscar.vives at gmail.com> said:
> > > He, I just want to self-sign my CERT's and remove the ugly warning that
> > > browsers shows.
> > 
> > SSL without some verification of the far end is useless, as a
> > man-in-the-middle attack can create self-signed certs just as easily.
> 
> It protects against attacks where the attacker merely monitors the
> traffic between the two endpoints.

Someone who can monitor can most likely inject false traffic and thus
MITM.

In any case, a system that is supposed to provide end-to-end security
shouldn't be considered secure if it can be easily bypassed.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.




More information about the NANOG mailing list