[Novalug] How secure is SSL now ????
Rich Goodwin
Rich.Goodwin at cox.net
Fri Mar 26 18:19:14 EDT 2010
I saw the EFF alert titled "New Research Suggests That Governments May
Fake SSL Certificates" and thought - ok, another doom and gloom, Chicken
Little story. I am not convinced it is not but, if anyone can fake a
server site seamlessly, there is REAL room for concern. Especially with
all the online banking and impending digital health records.
Is anyone aware of the details here?? I am going to start looking into
it but would appreciate relevant inputs on feasibility, mechanics, etc.
The statements about Packet Forensics seems convoluded - if I get the
keys, I can impersonate the site ... duh!!! If you have the keys
(ASSuming private here), then ... YES!! You ARE that identity!!!
(digitally speaking) So is there more than being responsible in
protecting your private keys here???
Rich
More information about the Novalug
mailing list