Dailydave: Re: tubes clogged

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Dailydave mailing list archives

Re: tubes clogged

From: dan () geer org
Date: Tue, 30 Dec 2008 08:45:48 -0500


Some time ago, perhaps in 2005, I did an analysis
of all the then-trusted Root Certs in the major
browsers.  As near as I could tell then, 25% of
the companies whose certs were embedded had by
that time gone out of business, and many of the
certs present had 20+ year expiry times thus
assuring that more certs would remain nominally
valid even when the owning companies died.

And, of course, there are national laboratories
that have likely already done all this repeatedly.

--dan

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

By Date By Thread

Current thread:

Re: tubes clogged, (continued)
- Re: tubes clogged H D Moore (Dec 29)
  - Re: tubes clogged Petja van der Lek (Dec 29)
    - Re: tubes clogged Fyodor (Dec 29)
    - Re: tubes clogged Jess Kitchen (Dec 29)
    - Re: tubes clogged Thorsten Holz (Dec 30)
    - Re: tubes clogged dan (Dec 30)
    - Re: tubes clogged Paul Melson (Dec 30)
- Re: tubes clogged Adrien Krunch Kunysz (Dec 30)
  - MD5 Considered Harmful Today: Creating a rogue CA certificate Alexander Sotirov (Dec 30)
    - Re: MD5 Considered Harmful Today: Creating a rogue CA certificate Charles Miller (Dec 30)
    - Re: MD5 Considered Harmful Today: Creating a rogue CA certificate Thomas Ptacek (Dec 30)