[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re[2]: [Full-disclosure] Five Ways to Screw Up SSL
- To: "Thierry Zoller" <Thierry@xxxxxxxxx>
- Subject: Re: Re[2]: [Full-disclosure] Five Ways to Screw Up SSL
- From: "Dude VanWinkle" <dudevanwinkle@xxxxxxxxx>
- Date: Mon, 22 May 2006 09:06:40 -0400
On 5/21/06, Thierry Zoller <Thierry@xxxxxxxxx> wrote:
Dear Dude VanWinkle,
DV> Why would it matter who signed it? As long as the data is encrypted as
DV> it travels over the internet, I am happy.
Why would it matter who signed it? I am happy to handle the ssl
handshake mitm for you. All your encrypted data is belong to me.
I was referring to the CA that signs it. It was implied that
freessl.com, who gives out trial certificates, is an unreliable CA. I
do not understand why their certs would be any less valid than
anothers.
As long as the website listed on the cert is the website you are
visiting, why should it matter who issued the cert?
-JP
--
http://secdev.zoller.lu
Thierry Zoller
Fingerprint : 5D84 BFDC CD36 A951 2C45 2E57 28B3 75DD 0AC6 F1C7
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/