http://www.linux-magazine.com/Issues/2010/112/ATTACKS-AGAINST-SSL/(kategorie)/0
http://www.linux-magazine.com/Issues/2010/114/BREACH-OF-TRUST/(kategorie)/0 And perfectly, just today: http://it.slashdot.org/story/11/03/30/1325230/Comodo-Says-Two-More-RAs-Compromised So... eBay has been selling secureID tokens to ebay/paypal customers for $5, to secure access to your accounts for several years now, but Comodo, who is literally selling trust, just uses a username/password? Hell, Gmail, for free, now does two factor authentication. Seriously, how can you trust something like a CA when they behave this badly/incompetently? -Kurt On Sun, Mar 27, 2011 at 2:54 AM, James A. Donald <[email protected]> wrote: > On 2011-03-26 6:36 AM, Kurt Seifried wrote: >> >> There are some other major issues but as far as I can tell SSL is so >> fundamentally broken at the design and operational level it can't be >> fixed, I wrote some articles last year but gave up tilting at >> windmills because it was largely having no effect. > > Please point me to those articles. > -- Kurt Seifried [email protected] skype: 1-703-879-3176 _______________________________________________ security mailing list [email protected] http://lists.openid.net/mailman/listinfo/openid-security
