[Security] Rogue CAs

Jonathan Schleifer js-xmpp-security at webkeks.org
Wed Dec 31 08:29:28 CST 2008


Pedro Melo <melo at simplicidade.org> wrote:

> Hi,
> 
> I'm no expert but this seems pretty bad:
> http://www.phreedom.org/research/rogue-ca/
> 
> Best regards,

Yup, SSL is pretty much dead now. First CAs not checking whom they
issue the cert, then CAs still using MD5. At 25c3, I even tunnelled all
SSL-connections through SSH, as you can't rely on SSL anymore.

-- 
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20081231/21c995c8/attachment.pgp 


More information about the Security mailing list