| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <e024ccca0605220606k558e4f97wd23be27a64ffe78b@mail.gmail.com> Date: Mon May 22 14:06:50 2006 From: dudevanwinkle at gmail.com (Dude VanWinkle) Subject: Five Ways to Screw Up SSL On 5/21/06, Thierry Zoller <Thierry@...ler.lu> wrote: > Dear Dude VanWinkle, > > DV> Why would it matter who signed it? As long as the data is encrypted as > DV> it travels over the internet, I am happy. > Why would it matter who signed it? I am happy to handle the ssl > handshake mitm for you. All your encrypted data is belong to me. I was referring to the CA that signs it. It was implied that freessl.com, who gives out trial certificates, is an unreliable CA. I do not understand why their certs would be any less valid than anothers. As long as the website listed on the cert is the website you are visiting, why should it matter who issued the cert? -JP > > -- > http://secdev.zoller.lu > Thierry Zoller > Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7 > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists