Re: A dedicated SSL MITM box on the market

2010-11-22 Thread Jean-Marc Desperrier
Jean-Marc Desperrier wrote: Especially the certlock Firefox extension they propose, which builds upon Kaie's Conspiracy, but does something more sophisticated. Unfortunately it seems it has not been made publicly available until now. Coming back on that old message to say I just saw it's

Re: A dedicated SSL MITM box on the market

2010-03-31 Thread Jan Schejbal
Especially the certlock Firefox extension they propose Certificate Patrol seems to do the same. -- Please avoid sending mails, use the group instead. If you really need to send me an e-mail, mention FROM NG in the subject line, otherwise my spam filter will delete your mail. Sorry for the

Re: A dedicated SSL MITM box on the market

2010-03-29 Thread Jean-Marc Desperrier
Jean-Marc Desperrier wrote: Article on Wired here: http://www.wired.com/threatlevel/2010/03/packet-forensics/ The original article is well worth reading also: http://files.cloudprivacy.net/ssl-mitm.pdf Especially the certlock Firefox extension they propose, which builds upon Kaie's

Re: A dedicated SSL MITM box on the market

2010-03-29 Thread Peter Djalaliev
The article is very wishy-washy about forged certificates. This usually means that either 1) a CA is willing/coaxed/forced to issue a certificate with CN=bankofamerica.com for a private key owned by the government of country Mallory or 2) Mallory has obtained the CA's certificate signing private

Re: A dedicated SSL MITM box on the market

2010-03-29 Thread Peter Djalaliev
To prevent case 2, CAs are supposed to keep their certificates safe and revoke them if a suspicion arises that the key is not safe. Or rather, CAs are supposed to keep their private keys safe, not their certificates.

Re: A dedicated SSL MITM box on the market

2010-03-29 Thread Peter Djalaliev
In the case of Netronome's SSL Inspector, if the device replaces bankofamerica.com's server certificate in the SSL handshake, the new certificate does _not_ have CN=bankofamerica.com. It is also not signed by a root CA. Hence, Alice should be fully aware of the man-in-the-middle and could

Re: A dedicated SSL MITM box on the market

2010-03-29 Thread Eddy Nigg
On 03/29/2010 10:41 PM, Peter Djalaliev: Matt Blaze seems to imply that this is already happening. I have not seen a confirmation of such a case. No such evidence exists. -- Regards Signer: Eddy Nigg, StartCom Ltd. XMPP:start...@startcom.org Blog:http://blog.startcom.org/