nanog mailing list archives
Re: Microsoft deems all DigiNotar certificates untrustworthy, releases
From: Brett Frankenberger <rbf+nanog () panix com>
Date: Tue, 13 Sep 2011 09:58:55 -0500
On Tue, Sep 13, 2011 at 09:45:39AM -0500, Chris Adams wrote:
Once upon a time, Tei <oscar.vives () gmail com> said:He, I just want to self-sign my CERT's and remove the ugly warning that browsers shows.SSL without some verification of the far end is useless, as a man-in-the-middle attack can create self-signed certs just as easily.
It protects against attacks where the attacker merely monitors the traffic between the two endpoints. As you suggest, it does not protect against MITM, but that's different from being useless. The value of protecting against the former but not the latter may vary by situation, but it's not always zero. Not all attackers/attacks that can sniff also have the capability and willingness to MITM. (And even SSL w/ endpoint verification isn't absolute security. For example, it doesn't protect against endpoint compromises. But that doesn't make it endpoint verification useless.) -- Brett
Current thread:
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases, (continued)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Valdis . Kletnieks (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases fredrik danerklint (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Måns Nilsson (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Valdis . Kletnieks (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases fredrik danerklint (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Måns Nilsson (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Tony Finch (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases fredrik danerklint (Sep 12)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Tei (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Chris Adams (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Brett Frankenberger (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Chris Adams (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Peter Kristolaitis (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases David Israel (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Valdis . Kletnieks (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Chris Adams (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Lou Katz (Sep 14)
- Opta revokes Diginotar TTP license (Was: Microsoft deems all DigiNotar certificates untrustworthy, releases) Jeroen Massar (Sep 14)
- Re: Opta revokes Diginotar TTP license (Was: Microsoft deems all DigiNotar certificates untrustworthy, releases) Always Learning (Sep 14)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Michiel Klaver (Sep 13)
- Re: Microsoft deems all DigiNotar certificates untrustworthy, releases Christopher Morrow (Sep 13)