"Eric Rescorla" <[email protected]> wrote:
> > Yup, SSL is pretty much dead now.
>
> Uh, no.

Well, 2 root certs have been compromised. Even one root cert is enough to kill SSL. But it's not dead forever, we need to rethink whether it's a good idea to give so many CAs our trust by default in all kinds of applications. IMO, what kills SSL here is the trust many apps give the CAs, which they don't deserve.

> See my writeup here:
> http://www.educatedguesswork.org/2008/12/understanding_the_sotirov_et_a.html

I will read it later. I just came back from 25c3.

> Uh, there have been a grand total of two certificates that we know of
> being issued to the wrong people. That's hardly the end of the world.
> Yes, I totally agree that CA procedures could be significantly
> tighter, but I think "can't rely" is rather too strong.

Well, if you are in the same network with those who just presented an attack on a root CA, you better not rely on SSL :).

> Additionally, the only part of SSL/TLS that this stuff implicates is
> a feature SSH doesn't even have, namely third party authentication.

Exactly. But for my server, I got the exact fingerprint. But I don't have it for every server I use using SSL.

> If you want to run SSL/TLS in a mode where you know the peer's key
> already, it doesn't matter what the CAs do.

Sure, but it's easier to just tunnel everything via SSH into a trusted network :).

-- 
Jonathan
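
Added example, not part of either message: a sketch of the "known peer" mode discussed above, where a TLS client ignores the CA chain and accepts only a certificate whose SHA-256 fingerprint was learned out of band, the way an SSH host key is. The host names, the pin store and the byte strings standing in for DER certificates are constructed; pinning the whole certificate rather than only its public key is an assumption of this sketch.

```python
import hashlib
import hmac
import socket
import ssl

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()

def check_pin(pins: dict, host: str, port: int, der_cert: bytes) -> str:
    """Return 'match', 'mismatch' or 'unknown' for the presented certificate."""
    expected = pins.get(f"{host}:{port}")
    if expected is None:
        return "unknown"   # no fingerprint on file for this server
    if hmac.compare_digest(expected.lower(), fingerprint(der_cert)):
        return "match"
    return "mismatch"      # a different cert fails, whichever CA signed it

def connect_pinned(pins: dict, host: str, port: int = 443) -> ssl.SSLSocket:
    """Open a TLS connection that trusts only the pinned certificate."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False        # CA chain and name checks are switched off;
    ctx.verify_mode = ssl.CERT_NONE   # the pin comparison below replaces them
    sock = socket.create_connection((host, port), timeout=10)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    der = tls.getpeercert(binary_form=True) or b""
    verdict = check_pin(pins, host, port, der)
    if verdict != "match":
        tls.close()
        raise ssl.SSLError(f"{host}:{port}: pin {verdict}, refusing to send data")
    return tls

# Constructed stand-ins for DER certificates (not real X.509), so this runs offline.
GENUINE = b"constructed-der-bytes-of-my-server-cert"
ROGUE = b"constructed-der-bytes-of-cert-from-another-issuer"
PINS = {"mail.example.org:993": fingerprint(GENUINE)}

if __name__ == "__main__":
    print(check_pin(PINS, "mail.example.org", 993, GENUINE))  # pinned server
    print(check_pin(PINS, "mail.example.org", 993, ROGUE))    # substituted cert
    print(check_pin(PINS, "shop.example.org", 443, ROGUE))    # server with no pin
```

The "unknown" result is the case raised in the reply: a server for which no fingerprint is on file has nothing to compare against, so the client is back to relying on the CAs.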
