cacert-sysadm AT lists.cacert.org
Subject: CAcert System Admins discussion list
List archive
- From: Ian G <iang AT iang.org>
- To: cacert-board AT lists.cacert.org
- Cc: CAcert System Administrators <cacert-sysadm AT lists.cacert.org>, "CAcert Code Development list." <cacert-devel AT lists.cacert.org>
- Subject: Re: new SSL Attacks
- Date: Thu, 30 Jul 2009 16:36:32 +0200
On 30/7/09 16:07, Henrik Heigl - cacert.org wrote:
Hy there,
in the past we also have to deal with the news from SSL attacks. There
is a new one:
http://blogs.itworldcanada.com/security/2009/07/30/learnings-from-blackhat-new-attacks-on-ssl/
So I ask if there is anything to say here from CAcert?! I want to send
out some PR on that...
OK, good question! We are supposed to be leaders in security :)
The article is fairly light, so not a lot to say. If there are better articles like the actual presentations, that might help...
However, it does indicate that there are some attacks to do with inserting nulls into the certificate requests ... not entirely clear.
So one thing we could do is ask the technical people, whether there is any reason to believe that CAcert can issue false certificates by means of inserting nulls in the CommmonName or subjectAltName?
This would likely involve either reading the source, or trying it. Hence the wider CC lines.
iang
PS: ah, the evils of cross-posting :)
- Re: new SSL Attacks, Ian G, 07/30/2009
- Re: new SSL Attacks, Ian G, 07/30/2009
- Re: new SSL Attacks, Ian G, 07/31/2009
- <Possible follow-up(s)>
- Re: new SSL Attacks, Florian Lagg, 07/31/2009
- Re: new SSL Attacks, Florian Lagg, 07/31/2009
- Re: new SSL Attacks, Florian Lagg, 07/31/2009
- Re: new SSL Attacks, Kim Holburn, 07/31/2009
- Re: new SSL Attacks, Ian G, 07/30/2009
Archive powered by MHonArc 2.6.16.