[cryptography] Trusted CA compromised, used to issue fraudulent certificates

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Mar 22 23:04:06 PDT 2011


Interesting post by Jacob Appelbaum on the compromise of a trusted CA that was
used to issue fraudulent certificates:

https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion

The discussion shows up (yet again) one of the (several) killer problems of
CRL/OCSP-style blacklisting: since you can only blacklist certs that you know
that a certificate vending machine has issued, there could be arbitrary
numbers of further certs out there that can't be revoked because the vending
machine doesn't know that it issued them.

Peter.

----- End forwarded message -----
-- 
Eugen* Leitl http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE





More information about the cypherpunks-legacy mailing list