On 08/09/2011, at 11:31, Lucky Green shamr...@cypherpunks.to wrote:
The SSL/public CA model did an admirable job in that regard and Taher
ElGamal and Paul Kocher deserve full credit for this accomplishment.
As long as we can document that original model, I'm inclined to agree.
SSL's
On 8/09/11 5:34 AM, Fredrik Henbjork wrote:
http://www.globalsign.com/company/press/090611-security-response.html
This whole mess just gets better and better...
As a responsible CA, we have decided to temporarily cease issuance of
all Certificates until the investigation is complete.
On 09/07/2011 02:34 PM, Fredrik Henbjork wrote:
http://www.globalsign.com/company/press/090611-security-response.html
This whole mess just gets better and better...
What's interesting is how the attacker simply doesn't fit the expected
motivations that SSL cert-based PKI was ever sold as
On 8/09/11 6:02 AM, I wrote:
H I'm not sure I'd suspend issuance without some evidence.
On 8/09/11 6:13 AM, Franck Leroy wrote, coz he checked the source!:
http://pastebin.com/GkKUhu35
extract:
Third: You only heards Comodo (successfully issued 9 certs for me -
thanks by the
Marsh Ray ma...@extendedsubset.com writes:
He wants credit for saving the world from PKI!
He should get it. A number of security practitioners have been trying to tell
the world for more than a decade that this stuff, you know, doesn't actually,
well, work. Whoever's behind this has now made
Ian G i...@iang.org writes:
It is not a new observation that the original threat modelling had flaws you
could drive a truck through :)
You forgot to mention what the SSL/browser PKI threat model actually is, as
first pointed out by some guy called Grigg:
SSL/browser PKI is defined to be