[SSL Observatory] Number of CAs

Robert Malmgren rom at romab.com
Thu Dec 8 07:19:24 PST 2011


On 12/8/11 5:20 AM, Jacob Appelbaum wrote:
> On 12/07/2011 06:27 PM, Phillip Hallam-Baker wrote:
>> If you think 50 CAs is too many then make your case based on the number
>> there is support for rather than inflating it.
> All of this reminds me of a fantastic joke from the wonderful book
> Stasiland:
>
> Herr Bohnsack starts with a joke. "The USA, the Soviet Union and the GDR
> want to raise the Titanic," he says. "The USA wants the jewels presumed
> to be in the safe, the Soviets are after the state-of-the-art
> technology; and the GDR" - he downs his Korn for dramatic pause - "the
> GDR wants the band that played as it went down."
>
> Out of fifty or six hundred and fifty, I still have two keys that could
> be used for MITM on a large number of targets. One key has been
> released[0], the other has not[1].
>
> So what's the case?
>
> I was able to become a valid CA at all. Two really. In some
> circumstances, I'm still able to sign things as if I was a valid CA.
>
> That's a pretty silly security system. Though I do appreciate that
> you're willing to sing the chorus with the CA band as the X509 security
> ship sinks!
>
> All the best,
> Jacob
>
> [0]
> https://www.noisebridge.net/pipermail/noisebridge-discuss/2009-September/008400.html
> [1] http://www.win.tue.nl/hashclash/rogue-ca/

There seem to be more torpedoes in the water, to keep that ship sinking

"Another Dutch CA Hacked"

http://translate.google.com/translate?sl=auto&tl=en&js=n&prev=_t&hl=en&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwebwereld.nl%2Fnieuws%2F108815%2Fweer-certificatenleverancier-overheid-gehackt.html&act=url

--r

-- 
---
Robert Malmgren                 Encrypted e-mail preferred
E-mail: rom at romab.com           PGP RSA 4096, id: 0x5B979EF5
Cellular: +46(0)708-330378      Fingerprint: DE59 D86C 4CAF 2E59 A64E 
Jabber: rom at romab.com                        5476 2360 F1B4 5B97 9EF5



