Microsoft deems all DigiNotar certificates untrustworthy, releases

Chris Adams cmadams at
Tue Sep 13 15:17:02 UTC 2011

Once upon a time, Brett Frankenberger <rbf+nanog at> said:
> On Tue, Sep 13, 2011 at 09:45:39AM -0500, Chris Adams wrote:
> > Once upon a time, Tei <oscar.vives at> said:
> > > He, I just want to self-sign my CERT's and remove the ugly warning that
> > > browsers shows.
> > 
> > SSL without some verification of the far end is useless, as a
> > man-in-the-middle attack can create self-signed certs just as easily.
> It protects against attacks where the attacker merely monitors the
> traffic between the two endpoints.

Someone who can monitor can most likely inject false traffic and thus

In any case, a system that is supposed to provide end-to-end security
shouldn't be considered secure if it can be easily bypassed.
Chris Adams <cmadams at>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.

More information about the NANOG mailing list