nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

From: "Steven M. Bellovin" <smb () cs columbia edu>
Date: Fri, 2 Jan 2009 12:06:36 -0500

On Fri, 2 Jan 2009 17:53:55 +0100
"Terje Bless" <link () pobox com> wrote:

On Fri, Jan 2, 2009 at 5:44 PM,  <Valdis.Kletnieks () vt edu> wrote:

Hmm... so basically all deployed FireFox and IE either don't even
try to do a CRL, or they ask the dodgy certificate "Who can I ask
if you're dodgy?"


Hmm. Don't the shipped-with-the-browser trusted root certificates
include a CRL URL?

Every CA runs its own CRL server -- it has to be that way.


                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Current thread:

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw., (continued)
- - - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 04)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Rubens Kuhl Jr. (Jan 04)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Marshall Eubanks (Jan 04)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Christopher Morrow (Jan 04)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Christopher Morrow (Jan 04)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Kevin Oberman (Jan 04)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Nick Hilliard (Jan 03)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Florian Weimer (Jan 03)
  - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Valdis . Kletnieks (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Terje Bless (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Jasper Bryant-Greene (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Skywing (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Steven M. Bellovin (Jan 02)
    - RE: Security team successfully cracks SSL using 200 PS3's and MD5 flaw. Deepak Jain (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Abley (Jan 02)
    - Re: Security team successfully cracks SSL using 200 PS3's and MD5 Joe Greco (Jan 02)

(Thread continues...)