From pgut001@cs.auckland.ac.nz Fri Jul 6 02:37:19 2018
From: Peter Gutmann
To: cypherpunks-legacy@lists.cpunks.org
Subject: [cryptography] Trusted CA compromised, used to issue fraudulent certificates
Date: Fri, 06 Jul 2018 02:37:19 +0000
Message-ID: <172289267900.3881296.9418086439871584001.generated@mail.pglaf.org>

Interesting post by Jacob Appelbaum on the compromise of a trusted CA that was
used to issue fraudulent certificates:

https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

The discussion shows up (yet again) one of the (several) killer problems of
CRL/OCSP-style blacklisting, since you can only blacklist certs that you know
that a certificate vending machine has issued, there could be arbitrary numbers
of further certs out there that can't be revoked because the vending machine
doesn't know that it issued them.

Peter.
_______________________________________________
cryptography mailing list
cryptography(a)randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

----- End forwarded message -----
-- 
Eugen* Leitl leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
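Added example, not part of the original message or of any CA's code: a small Python model of the blacklisting gap described above, showing a certificate with a valid CA signature but no issuance record passing a CRL-style check and failing a positive (known-issued) check. All names, serials and hostnames are constructed, and an HMAC stands in for the CA's signature.

```python
import hashlib, hmac
from dataclasses import dataclass

CA_KEY = b"constructed-demo-key"  # stand-in for the CA signing key (constructed)

@dataclass(frozen=True)
class Cert:
    serial: int
    subject: str
    sig: bytes

def _sign(serial, subject):
    # HMAC stands in for the CA signature: whoever drives the CA key can produce it
    return hmac.new(CA_KEY, f"{serial}|{subject}".encode(), hashlib.sha256).digest()

class CA:
    def __init__(self):
        self.issued = {}      # serial -> subject: what the CA knows it issued
        self.revoked = set()  # the CRL/OCSP-style blacklist

    def issue(self, serial, subject):
        self.issued[serial] = subject
        return Cert(serial, subject, _sign(serial, subject))

    def revoke_known(self, subject):
        # Revocation can only cover serials present in the issuance records
        self.revoked |= {s for s, name in self.issued.items() if name == subject}

def issue_unrecorded(serial, subject):
    # Models a cert produced by the compromised machine with no record kept
    return Cert(serial, subject, _sign(serial, subject))

def signature_ok(cert):
    return hmac.compare_digest(cert.sig, _sign(cert.serial, cert.subject))

def blacklist_status(ca, cert):
    # CRL-style check: anything not listed is treated as good
    return "revoked" if cert.serial in ca.revoked else "good"

def positive_status(ca, cert):
    # Positive check: good only if the CA has a record of issuing this exact cert
    if cert.serial in ca.revoked:
        return "revoked"
    return "good" if ca.issued.get(cert.serial) == cert.subject else "unknown"

def demo():
    ca = CA()
    recorded = ca.issue(1002, "mail.example")             # fraudulent but recorded
    unrecorded = issue_unrecorded(9001, "mail.example")   # fraudulent, no record
    ca.revoke_known("mail.example")                       # incident response
    return ca, recorded, unrecorded
```

After `revoke_known`, the recorded certificate is revoked under both checks, while the unrecorded one still verifies and is "good" to the blacklist; only the positive check reports it as "unknown".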