[cryptography] wont CA hackers CA pin also? and other musings (Re: PKI "fixes" that don't fix PKI (part III))

Ralph Holz holz at net.in.tum.de
Sat Sep 10 12:19:36 EDT 2011


> And just while I am here there was a paper that proposed a firefox plugin
> that would cache certs and warn if one changed unexpectedly.  Savy users
> would then notice the warning before clicking through, and post the
> evidence
> on relevant security lists.  However the plugin seems to be vaporware
> and no
> one ever implemented or at least released such a thing which seems rather
> odd in the last years SSL/PKI environment.  We could really use such a
> thing
> around now, I'd install it for sure.

I am not quite sure... are you referring to Kai Engert's recent
proposal? We're working on a (more elaborate) version of that...

Ralph
-- 
Dipl.-Inform. Ralph Holz
I8: Network Architectures and Services
Technische Universität München
http://www.net.in.tum.de/de/mitarbeiter/holz/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20110910/213fa649/attachment.asc>


More information about the cryptography mailing list