[Security] Rogue CAs

Jonathan Schleifer js-xmpp-security at webkeks.org
Wed Dec 31 12:16:11 CST 2008


"Eric Rescorla" <ekr at rtfm.com> wrote:

> You've said that repeatedly, but I don't think it's convincing.
> 
> Again, we know that two invalid certificates were issued: one for
> mozilla.org and one CA certificate. Please explain how this turns
> into a generalized MITM attack by anybody *but* the people who hold
> those private keys.

Everybody knows now how to forge a CA using MD5. Even if that CA is not
using MD5 anymore, many browsers don't check revocation lists and still
have the old root CA imported. So the CAs revoke the bad root CA, but
it's still in the browsers and others now know as well how to forge the
old, revoked root CA, which is still in many browsers. Do you
understand the problem now?

-- 
Jonathan