nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5


From: Michael Sinatra <michael () rancid berkeley edu>
Date: Mon, 05 Jan 2009 14:30:11 -0800

On 01/05/09 12:47, Randy Bush wrote:
> perhaps i am a bit slow.  but could someone explain to me how trust in
> dns data transfers to trust in an http partner and other uses to which
> ssl is put?

Because I have to trust the DNS anyway.  If the DNS redirects my users
to a bad site, they may not notice that they are actually entering their
personal information into the perfectly-SSL-secured www.bankofamerca.com.

Given the willingness of some CAs (which are trusted by browsers) to
give out certs with no verification at all[1], I am not sure there is
much to be trusted in the current CA-cartel arrangement, with the
exception of EV certs.  So banks can continue to use the equivalent of
EV certs, and the rest of us who don't need an extra layer of trust can
switch to using root certs in the DNS secured via DNSSEC.  The trust
hierarchy is already there.

I agree that there are two different trust models, one of which I am
required to trust and the other of which I don't trust at all.

michael

[1] http://www.theregister.co.uk/2008/12/29/ca_mozzilla_cert_snaf/

