has a TLS server (or client, for that matter) key ever actually been compromised?
Hi, Marc!
I don't know about in-the-wild attacks.
However, proof-of-concept attacks:
Server-side: Brumley and Boneh did timing attacks on Apache SSL servers---see their Usenix Security paper from 2003.
Client-side: we've done a number of host-based attacks and http-based attacks, to steal or borrow use of a user's client-side SSL/TLS key. See:
J. Marchesini, S.W. Smith, M.Zhao. "Keyjacking: The Surprising Insecurity of Client-side SSL" Computers and Security. To appear, 2004. http://www.cs.dartmouth.edu/~sws/abstracts/msz04.shtml
--Sean
Sean W. Smith [EMAIL PROTECTED] www.cs.dartmouth.edu/~sws/
Asst Prof, Department of Computer Science, Dartmouth College.
Director, Cybersecurity and Trust Research Center, Institute for Security Technology Studies.
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]