[cryptography] [OT]: From the Experts: SSL Hacked!
noloader at gmail.com
Tue Sep 27 19:32:22 EDT 2011
Not surprisingly, none of the suggestions below benefit the consumer
or individual. Perhaps they should just use GPL-like verbiage - "not
fit for any use".
"Enterprise can't rely on encrypted communications anymore, but
corporate counsel can champion a fix"
"With respect to the enterprise's public-facing website and SSL portal
for its customers, corporate counsel and IT should determine: (i)
whether the "subscriber agreement" between the enterprise and the CA
adequately protects the enterprise; (ii) the identity and reliability
of the relevant RAs used by the CA; (iii) the types of audit policies
the CA follows; (iv) whether the CA has been the subject of prior
exploits; (v) the types of statements made by the enterprise in its
Terms and Conditions of Use regarding the supposed reliability of SSL;
(vi) whether the addition of better disclaimers is needed; and (vii)
the nature and extent of the CA's insurance coverage."