Pedro Melo <[email protected]> wrote: > Hi, > > I'm no expert but this seems pretty bad: > http://www.phreedom.org/research/rogue-ca/ > > Best regards,
Yup, SSL is pretty much dead now. First CAs not checking whom they issue the cert, then CAs still using MD5. At 25c3, I even tunnelled all SSL-connections through SSH, as you can't rely on SSL anymore. -- Jonathan
signature.asc
Description: PGP signature
