Microsoft deems all DigiNotar certificates untrustworthy, releases
Chris Adams
cmadams at hiwaay.net
Tue Sep 13 15:17:02 UTC 2011
Once upon a time, Brett Frankenberger <rbf+nanog at panix.com> said:
> On Tue, Sep 13, 2011 at 09:45:39AM -0500, Chris Adams wrote:
> > Once upon a time, Tei <oscar.vives at gmail.com> said:
> > > He, I just want to self-sign my CERT's and remove the ugly warning that
> > > browsers shows.
> >
> > SSL without some verification of the far end is useless, as a
> > man-in-the-middle attack can create self-signed certs just as easily.
>
> It protects against attacks where the attacker merely monitors the
> traffic between the two endpoints.
Someone who can monitor can most likely inject false traffic and thus
MITM.
In any case, a system that is supposed to provide end-to-end security
shouldn't be considered secure if it can be easily bypassed.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the NANOG
mailing list