[Security] Rogue CAs

Eric Rescorla ekr at rtfm.com
Wed Dec 31 12:02:35 CST 2008


On Wed, Dec 31, 2008 at 9:52 AM, Jonathan Schleifer
<js-xmpp-security at webkeks.org> wrote:
> "Eric Rescorla" <ekr at rtfm.com> wrote:
>
>> It seems to me that this goes to the heart of whether this is a
>> serious threat or
>> just a demonstration. So, again: are you aware of a CA which is
>> widely trusted and is actually vulnerable to this form of collision
>> attack?
>
> As said before, that doesn't even matter much whether they fixed it or
> now, as the old root CAs are still out there and there are not working
> revocation lists.

You've said that repeatedly, but I don't think it's convincing.

Again, we know that two invalid certificates issued: one for mozilla.org
and one CA certificate. Please explain how this turns into a generalized
MITM attack by anybody *but* the people who hold those private
keys.

-Ekr


More information about the Security mailing list