[Security] Rogue CAs

Jonathan Schleifer js-xmpp-security at webkeks.org
Wed Dec 31 10:34:22 CST 2008


"Eric Rescorla" <ekr at rtfm.com> wrote:

> On Wed, Dec 31, 2008 at 8:10 AM, Jonathan Schleifer
> <js-xmpp-security at webkeks.org> wrote:
> > "Eric Rescorla" <ekr at rtfm.com> wrote:
> >
> >> No, this isn't correct either.
> >>
> >> One root CA issued a single bad certificate for a single domain.
> >> That CA has now corrected its practices.
> >
> > Well, we *KNOW* of one. That doesn't mean there isn't more.
> 
> Sure. But we also don't know that there are more. We don't know
> there's not a back door in J. Random XMPP client. So what?
> 
> Remember, you're claiming that "SSL is dead" on the basis of this.
> I'd hope to see more evidence than "we don't know" for an assertion
> that strong.

Well, for *ME*, it's dead. Maybe I should empathize more that it's my
personal opinion :). I'm too paranoid to trust SSL now. Sure, this will
be fixed somewhen. But that will take some time. There are still certs
generated with insecure Debian OpenSSL versions out there. So this
isn't something easy to fix and will take a long time. All the problems
in the past together show that SSL isn't that secure as many believed.

> Well, they *could* then, but RapidSSL has stopped using MD5, so now
> they can't now.

And they also said there are still more out there still using MD5.

> Jonathan's opinion that people shouldn't do online banking
> notwithstanding, people do this all the time, including for very
> large sums of money. So, no, I don't really think it's accurate to
> say that "browsers are the most unimportant clients".

I consider online banking too insecure, especially for Average Joe.
Really important things should always be done offline. And the user is
still the biggest hole ;).

> Then they can add one (note that on Windows and Mac there are
> consolidated trust databases anyway).  Again, this really isn't that
> hard.

Sure then can, and I never said something else. But all that will take
time. Likely, a long time.

> On the contrary: breaking into a machine once and installing a
> keylogger is far more efficient than having to be a MITM all the time.

Then you got accounts of how many persons? Only one. Data from more
persons = more money. So a MITM is more effective. Still, I guess 
everybdy on 25c3 tried to secure his machine to his best knowledge 
befoe attending :).

> DSA-1571-1/CVE-2008-0166

SSL ≠ SSH. I asked for the vulnerability in SSH you were talking about.
I only know of an attack where you can get parts of a session if it's
using CBC.

-- 
Jonathan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20081231/203a2982/attachment.pgp 


More information about the Security mailing list