[cryptography] [OT]: From the Experts: SSL Hacked!

Jeffrey Walton noloader at gmail.com
Tue Sep 27 19:32:22 EDT 2011

Not surprisingly, none of the suggestions below benefit the consumer
or individual. Perhaps they should just use GPL-like verbiage - "not
fit for any use".

"Enterprise can't rely on encrypted communications anymore, but
corporate counsel can champion a fix"

"With respect to the enterprise's public-facing website and SSL portal
for its customers, corporate counsel and IT should determine: (i)
whether the "subscriber agreement" between the enterprise and the CA
adequately protects the enterprise; (ii) the identity and reliability
of the relevant RAs used by the CA; (iii) the types of audit policies
the CA follows; (iv) whether the CA has been the subject of prior
exploits; (v) the types of statements made by the enterprise in its
Terms and Conditions of Use regarding the supposed reliability of SSL;
(vi) whether the addition of better disclaimers is needed; and (vii)
the nature and extent of the CA's insurance coverage."
