> Again, like I said... I left details out intentionally and I > won't post them now just because you asked.
OK. I can understand that you don't want to release this sensitive information to the world. But typically, one could point to something which would describe the existence of a vulnerability without disclosing exactly how to exploit it. And presumably, this would be a big huge deal to all the SSL VPN vendors, browser developers - patches, warnings, etc. So, it seems to me that either (a) you're aware of some otherwise unknown 0day exploit, or (b) all the people using SSL/TLS in their products are collectively hoping that no one notices their fatal flaw until they can patch it. To be clear, are you talking about certificates with a validating signature? Because if you're talking about self-signed certs, that's been discussed previously. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ Fig Leaf Software provides the highest caliber vendor-authorized instruction at our training centers in Washington DC, Atlanta, Chicago, Baltimore, Northern Virginia, or on-site at your location. Visit http://training.figleaf.com/ for more information! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Introducing the Fusion Authority Quarterly Update. 80 pages of hard-hitting, up-to-date ColdFusion information by your peers, delivered to your door four times a year. http://www.fusionauthority.com/quarterly Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:255165 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4
