Re: Security team successfully cracks SSL using 200 PS3's and MD5flaw.

About Merit

Services

Network

Resources & Support

Network Research

News

Events

Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: Security team successfully cracks SSL using 200 PS3's and MD5flaw.

From: Steven M. Bellovin
Date: Fri Jan 02 12:06:56 2009

List-archive: <http://mailman.nanog.org/pipermail/nanog>
List-help: <mailto:nanog-request@nanog.org?subject=help>
List-id: North American Network Operators Group <nanog.nanog.org>
List-post: <mailto:nanog@nanog.org>
List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>,<mailto:nanog-request@nanog.org?subject=subscribe>
List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>,<mailto:nanog-request@nanog.org?subject=unsubscribe>

On Fri, 2 Jan 2009 17:53:55 +0100
"Terje Bless" <link@pobox.com> wrote:

> On Fri, Jan 2, 2009 at 5:44 PM,  <Valdis.Kletnieks@vt.edu> wrote:
> > Hmm... so basically all deployed FireFox and IE either don't even
> > try to do a CRL, or they ask the dodgy certificate "Who can I ask
> > if you're dodgy?"
> 
> Hmm. Don't the shipped-with-the-browser trusted root certificates
> include a CRL URL?
> 
> 
Every CA runs its own CRL server -- it has to be that way.


		--Steve Bellovin, http://www.cs.columbia.edu/~smb

Follow-Ups:
- Re: Security team successfully cracks SSL using 200 PS3's and MD5flaw. Jasper Bryant-Greene

References:
- Re: Security team successfully cracks SSL using 200 PS3's and MD5flaw. Joe Greco
- Re: Security team successfully cracks SSL using 200 PS3's and MD5flaw. Valdis.Kletnieks
- Re: Security team successfully cracks SSL using 200 PS3's and MD5flaw. Terje Bless

Prev by Date: Re: Security team successfully cracks SSL using 200 PS3's and MD5flaw.
Next by Date: Re: Security team successfully cracks SSL using 200 PS3's and MD5
Date Index
Thread Index
Author Index
Historical