Dailydave mailing list archives
Questions about MD5+CA
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 30 Dec 2008 12:43:30 -0500
So if someone was able to get a root CA for $20000 - shouldn't we remove the RapidSSL root CA from our browsers with the next browser update?

I don't see why people think this would be hard to replicate and hasn't been done previously to RapidSSL. Is it because no one other than that one team can do math or buy PS3s? Microsoft's advisory on this is essentially defaulting to the "No one else has ever done this" position. This is weird.

Trusted Roots that could have been used to sign these things need to get re-issued, right? What am I missing here? "You fail and are no longer trusted" seems like a viable option here that people are avoiding for some reason.

-dave