[cryptography] Another data point on SSL "trusted" root CA reliability (S Korea)

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Sep 19 14:32:21 EDT 2011


Ralph Holz <holz at net.in.tum.de> writes:

>I am wondering if we can't get our hands on such a router and do a proof-of-
>concept. Anyone in?

In terms of warkitting routers, they're pretty much all vulnerable [0], so all
you'd need to do after that is exploit the "CA" certs.  OTOH if you can warkit
a router you can also drop sslstrip on it, and at that point it's game over
for the user whether you have a CA cert or not.

Peter.

[0] "All" meaning that every brand that researchers could get their hands on
    proved vulnerable.



More information about the cryptography mailing list