03-29-2010, 10:32 PM
Nomen Nescio
Guest
 
Re: Gov't coerced Certs thwart SSL/TLS

>Researchers at Indiana University opine that CA-issuers may be co-opted and
>coerced to improperly issue SSL certificates.


>Has SSL become pointless? Researchers suspect state-sponsored CA forgery
>http://www.betanews.com/article/Has-...s-Researchers-
>suspect-statesponsored-CA-forgery/1269551694


>Original paper here:


>Certified Lies: Detecting and Defeating Government
>Interception Attacks Against SSL
>http://files.cloudprivacy.net/ssl-mitm.pdf


This was very interesting. And I don't doubt that the government
might be pressuring the cert companies to issue bogus certs.

I loved the statement:
'Other contributors agreed there may not be due cause to withdraw
CNNIC (China cert authority) from Firefox's root store, until
specific evidence of claims such as this one emerges.'

Do they actually think that dead men are going to be able to
make claims?

