On 2011-10-06 12:34 AM, Marsh Ray wrote:
Just for the record, the Fox-IT "Interim Report September 5, 2011
DigiNotar Certificate Authority breach 'Operation Black Tulip'"
https://bugzilla.mozilla.org/attachment.cgi?id=558368 states that:
"Around 300.000 unique requesting IPs to google.com have been identified."
Which would seem to represent a good lower bound on the number of users
actually attacked.
In order to attack its users, Iran had to hack a CA. I assume they ran
a script against every CA, till they found one that broke. The NSA,
IRS, and all the rest of that alphabet soup, including whatever the KGB
calls itself these days, have CAs at their beck and call.
_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography