On Wed, Dec 31, 2008 at 6:29 AM, Jonathan Schleifer <[email protected]> wrote:
> Pedro Melo <[email protected]> wrote:
>
>> Hi,
>>
>> I'm no expert but this seems pretty bad:
>> http://www.phreedom.org/research/rogue-ca/
>>
>> Best regards,
>
> Yup, SSL is pretty much dead now.

Uh, no. See my writeup here:
http://www.educatedguesswork.org/2008/12/understanding_the_sotirov_et_a.html

> First CAs not checking whom they
> issue the cert, then CAs still using MD5. At 25c3, I even tunnelled all
> SSL-connections through SSH, as you can't rely on SSL anymore.

Uh, there have been a grand total of two certificates that we know of being issued to the wrong people. That's hardly the end of the world. Yes, I totally agree that CA procedures could be significantly tighter, but I think "can't rely" is rather too strong.

Additionally, the only part of SSL/TLS that this stuff implicates is a feature SSH doesn't even have, namely third party authentication. If you want to run SSL/TLS in a mode where you know the peer's key already, it doesn't matter what the CAs do.

-Ekr
