Any TLS server key compromises?

2004-08-13 Thread Marc Branchaud
I've been wondering, has a TLS server (or client, for that matter) key ever actually been compromised? I don't think I've ever heard of one. I'm thinking of two possible avenues for compromise, and ignoring insider attacks. One is through defects in the protocol itself or its implementation.

Re: Mozilla tool to self-verify HTTPS site

2003-06-30 Thread Marc Branchaud
Ian Grigg wrote: Tying the certificate into the core crypto protocol seems to be a poor design choice; outsourcing any certification to a higher layer seems to work much better out in the field. I'll reserve judgement about the significance of SSLBar, but I couldn't agree more with the above