Home page logo

nanog logo nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5
From: Jason Uhlenkott <jasonuhl () jasonuhl org>
Date: Mon, 5 Jan 2009 12:18:59 -0800

On Fri, Jan 02, 2009 at 15:33:05 -0600, Joe Greco wrote:
This would seem to point out some critical shortcomings in the current SSL
system; these shortcomings are not necessarily technological, but rather
social/psychological.  We need the ability for Tom, Dick, or Harry to be
able to crank out a SSL cert with a minimum of fuss or cost; having to 
learn the complexities of SSL is itself a "fuss" which has significantly 
and negatively impacted Internet security.

Somehow, we managed to figure out how to do this with PGP and keysigning,
but it all fell apart (I can hear the "it doesn't scale" already) with SSL.

If we had DNSSEC, we could do away with SSL CAs entirely.  The owner
of each domain or host could publish a self-signed cert in a TXT RR,
and the DNS chain of trust would be the only form of validation needed.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]