
cacert-sysadm - Re: new SSL Attacks

cacert-sysadm AT lists.cacert.org

Subject: CAcert System Admins discussion list

  • From: Ian G <iang AT iang.org>
  • To: cacert-board AT lists.cacert.org
  • Cc: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>, "CAcert Code Development list." <cacert-devel AT lists.cacert.org>
  • Subject: Re: new SSL Attacks
  • Date: Thu, 30 Jul 2009 16:36:32 +0200

On 30/7/09 16:07, Henrik Heigl - cacert.org wrote:
> Hi there,
>
> In the past we also had to deal with the news about SSL attacks. There
> is a new one:
> http://blogs.itworldcanada.com/security/2009/07/30/learnings-from-blackhat-new-attacks-on-ssl/
> So I ask if there is anything to say here from CAcert?! I want to send
> out some PR on that...


OK, good question!  We are supposed to be leaders in security :)

The article is fairly light, so not a lot to say. If there are better articles like the actual presentations, that might help...

However, it does indicate that there are some attacks to do with inserting nulls into the certificate requests ... not entirely clear.

So one thing we could do is ask the technical people whether there is any reason to believe that CAcert can issue false certificates by means of inserting nulls in the CommonName or subjectAltName?

This would likely involve either reading the source, or trying it. Hence the wider CC lines.



iang

PS: ah, the evils of cross-posting :)
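
One way to make the check asked about above on the issuer side, as an added example that is not part of the original mail or of CAcert's code: refuse any requested CommonName or subjectAltName DNS name that contains a NUL or any other byte that cannot appear in a hostname. The function names and the sample request are hypothetical, and the names are assumed to be already extracted from the certificate request as raw bytes.

```python
import re

# One DNS label: 1-63 letters, digits or hyphens, no hyphen at either end.
LABEL = re.compile(rb"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def name_problems(raw: bytes) -> list:
    """Reasons to refuse one requested DNS name; an empty list means acceptable."""
    problems = []
    if b"\x00" in raw:
        problems.append("embedded NUL byte")
    if any(b != 0 and not 0x21 <= b <= 0x7E for b in raw):
        problems.append("control, space or non-ASCII byte")
    if problems:
        return problems  # never parse labels out of a malformed value
    if not raw or len(raw) > 253:
        return ["empty or longer than 253 bytes"]
    labels = raw.split(b".")
    if labels[0] == b"*" and len(labels) > 1:
        labels = labels[1:]  # assumption: one leading wildcard label is allowed
    for label in labels:
        if not LABEL.fullmatch(label):
            problems.append("invalid label %r" % label)
    return problems

def review_request(common_name: bytes, alt_names: list) -> dict:
    """Map every name in the request that must be refused to its reasons."""
    refused = {}
    for raw in [common_name, *alt_names]:
        reasons = name_problems(raw)
        if reasons:
            refused[raw] = reasons
    return refused

# Constructed sample request: raw bytes as decoded from the request, before
# any conversion to a C string or a text type.
SAMPLE_CN = b"www.example.org"
SAMPLE_SANS = [b"www.example.org",
               b"www.example.org\x00.example.net",
               b"mail.example.org "]

if __name__ == "__main__":
    for name, reasons in review_request(SAMPLE_CN, SAMPLE_SANS).items():
        print(name, "->", "; ".join(reasons))
```

The check has to run on the bytes exactly as they appear in the request, because a later conversion may cut the value at the NUL or drop it.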


