[security] SL comprimise
John Bradley
ve7jtb at ve7jtb.com
Wed Mar 30 19:59:08 UTC 2011
The problem is how do you not trust them without breaking significant parts of the internet.
They have us over a barrel.
John b.
On 2011-03-30, at 2:09 PM, Kurt Seifried wrote:
> http://www.linux-magazine.com/Issues/2010/112/ATTACKS-AGAINST-SSL/(kategorie)/0
>
> http://www.linux-magazine.com/Issues/2010/114/BREACH-OF-TRUST/(kategorie)/0
>
> And perfectly, just today:
>
> http://it.slashdot.org/story/11/03/30/1325230/Comodo-Says-Two-More-RAs-Compromised
>
> So... eBay has been selling secureID tokens to ebay/paypal customers
> for $5, to secure access to your accounts for several years now, but
> Comodo, who is literally selling trust, just uses a username/password?
> Hell, Gmail, for free, now does two factor authentication.
>
> Seriously, how can you trust something like a CA when they behave this
> badly/incompetently?
>
> -Kurt
>
> On Sun, Mar 27, 2011 at 2:54 AM, James A. Donald <jamesd at echeque.com> wrote:
>> On 2011-03-26 6:36 AM, Kurt Seifried wrote:
>>>
>>> There are some other major issues but as far as I can tell SSL is so
>>> fundamentally broken at the design and operational level it can't be
>>> fixed, I wrote some articles last year but gave up tilting at
>>> windmills because it was largely having no effect.
>>
>> Please point me to those articles.
>>
>
>
>
> --
> Kurt Seifried
> kurt at seifried.org
> skype: 1-703-879-3176
> _______________________________________________
> security mailing list
> security at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-security
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4767 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20110330/25e7b43a/attachment.p7s>
More information about the security
mailing list