On 10/05/2011 07:57 AM, ianG wrote:
This thread originated in a state-led attack on google and 4 CAs
(minimum) with one bankruptcy, one state's government certificates being
replaced, measured cert uses (MITMs?) in the thousands.
Just for the record, the Fox-IT "Interim Report September 5, 2011
DigiNotar Certificate Authority breach 'Operation Black Tulip'"
https://bugzilla.mozilla.org/attachment.cgi?id=558368 states that:
"Around 300.000 unique requesting IPs to google.com have been identified."
Which would seem to represent a good lower bound on the number of users
actually attacked.
- Marsh
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography