[Novalug] How secure is SSL now ????
Julian Russell
lists at timber-wolf.org
Fri Mar 26 18:38:44 EDT 2010
SSL is not secure. US G and Law Enforcement are buying MITM SSL redirection
appliances to do this very thing.
On Fri, Mar 26, 2010 at 6:19 PM, Rich Goodwin <Rich.Goodwin at cox.net> wrote:
> I saw the EFF alert titled "New Research Suggests That Governments May
> Fake SSL Certificates" and thought - ok, another doom and gloom, Chicken
> Little story. I am not convinced it is not but, if anyone can fake a
> server site seamlessly, there is REAL room for concern. Especially with
> all the online banking and impending digital health records.
>
> Is anyone aware of the details here?? I am going to start looking into
> it but would appreciate relevant inputs on feasibility, mechanics, etc.
> The statements about Packet Forensics seems convoluded - if I get the
> keys, I can impersonate the site ... duh!!! If you have the keys
> (ASSuming private here), then ... YES!! You ARE that identity!!!
> (digitally speaking) So is there more than being responsible in
> protecting your private keys here???
>
> Rich
>
> _______________________________________________
> Novalug mailing list
> Novalug at calypso.tux.org
> http://calypso.tux.org/mailman/listinfo/novalug
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://calypso.tux.org/pipermail/novalug/attachments/20100326/2bad1576/attachment.html
More information about the Novalug
mailing list