[cryptography] Diginotar Lessons Learned (long)

Andy Steingruebl andy at steingruebl.com
Sat Sep 10 13:20:14 EDT 2011


On Sat, Sep 10, 2011 at 9:43 AM, James A. Donald <jamesd at echeque.com> wrote:
>
> Most attacks aim to obtain shared secrets, so, obviously, a major solution
> is not fixing PKI, but SRP

Though aren't the most recent issues related to obtaining things other
than shared secrets?  The attacks against CAs recently haven't been to
perform financial attacks, they have been to get identity information,
which SRP isn't going to protect right?

I don't disagree that *most* attacks are about finances, but quite a
number are also about stealing other confidential information.

- Andy



More information about the cryptography mailing list