[cryptography] Another data point on SSL "trusted" root CA reliability (S Korea)

Randall Webmail rvh40 at insightbb.com
Mon Sep 19 15:07:30 EDT 2011


From: "Peter Gutmann" <pgut001 at cs.auckland.ac.nz>
To: cryptography at randombit.net
Sent: Monday, September 19, 2011 2:32:21 PM
Subject: Re: [cryptography] Another data point on SSL	"trusted"	root	CA	reliability (S Korea)

Ralph Holz <holz at net.in.tum.de> writes:

>In terms of warkitting routers, they're pretty much all vulnerable [0], so all
>you'd need to do after that is exploit the "CA" certs.  OTOH if you can warkit
>a router you can also drop sslstrip on it, and at that point it's game over
>for the user whether you have a CA cert or not.

Does this warkitting require physical access to the router?  



More information about the cryptography mailing list