Home page logo

nanog logo nanog mailing list archives

Re: Security team successfully cracks SSL using 200 PS3's and MD5
From: Florian Weimer <fw () deneb enyo de>
Date: Sat, 03 Jan 2009 14:57:59 +0100

* Joe Greco:

A CA statement that they won't issue MD5-signed certificates in the
future should be sufficient.  There's no need to reissue old
certificates, unless the CA thinks other customers have attacked it.

That would seem to be at odds with what the people who documented this 
problem believe.

What do they believe?  That the CA should reissue certificates even if
the CA assumes that there haven't been other attacks?  Or that the CA
should not reissue, despite evidence of other attacks?

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]