nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5

From: Joe Abley <jabley () hopcount ca>
Date: Mon, 5 Jan 2009 15:59:54 -0500


On 2009-01-05, at 15:47, Randy Bush wrote:

perhaps i am a bit slow. but could someone explain to me how trustin dns data transfers to trust in an http partner and other uses towhich ssl is put?

If I can get secure answers to "www.bank.example IN CERT?" and "www.bank.exampleIN A?" then perhaps when I connect to www.bank.example:443 I candecide to trust the certificate presented by the server based on thetrust anchor I extracted from the DNS, rather than whatever trustanchors were bundled with my browser.

That presumably would mean that the organisation responsible forbank.example could run their own CA and publish their own trustanchor, without having to buy that service from one of the traditionalCA companies.

No doubt there is more to it than that. I don't know anything muchabout X.509.

Joe

Current thread:

RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw., (continued)
- - - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Skywing (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Abley (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Jason Uhlenkott (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Abley (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Randy Bush (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Abley (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Randy Bush (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Valdis . Kletnieks (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Jason Uhlenkott (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Matthew Kaufman (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Michael Sinatra (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Colin Alston (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Mark Andrews (Jan 05)
    - DNSSEC vs. X509 (Re: Security team successfully cracks SSL...) Paul Vixie (Jan 05)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Mark Andrews (Jan 05)

(Thread continues...)