[Security] Rogue CAs
Jonathan Schleifer
js-xmpp-security at webkeks.org
Wed Dec 31 08:29:28 CST 2008
Pedro Melo <melo at simplicidade.org> wrote:
> Hi,
>
> I'm no expert but this seems pretty bad:
> http://www.phreedom.org/research/rogue-ca/
>
> Best regards,
Yup, SSL is pretty much dead now. First CAs not checking whom they
issue the cert, then CAs still using MD5. At 25c3, I even tunnelled all
SSL-connections through SSH, as you can't rely on SSL anymore.
--
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20081231/21c995c8/attachment.pgp
More information about the Security
mailing list