[Security] Rogue CAs
js-xmpp-security at webkeks.org
Wed Dec 31 08:29:28 CST 2008
Pedro Melo <melo at simplicidade.org> wrote:
> I'm no expert but this seems pretty bad:
> Best regards,
Yup, SSL is pretty much dead now. First CAs not checking whom they
issue the cert, then CAs still using MD5. At 25c3, I even tunnelled all
SSL-connections through SSH, as you can't rely on SSL anymore.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20081231/21c995c8/attachment.pgp
More information about the Security