[cryptography] *.google.com certificate issued by DigiNotar

coderman coderman at gmail.com
Fri Sep 2 13:55:14 EDT 2011


On Thu, Sep 1, 2011 at 9:19 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> ...
> I wonder if we're going to see something like the four-minute-mile phenomenon,
> until Roger Bannister did it, it was thought to be impossible, but once he'd
> proven it was possible an avalanche of others followed his lead.  So now that
> we've had repeated public cases showing you can own a CA, will others follow?

the next escalation will be sploiting private keys out of hardware
security modules presumed impervious to such attacks.

given the quality of HSM firmwares they're lucky cost is somewhat a
prohibiting factor for attackers.

authority in the wild, not just certs. :P


