Nelson B Bolyard wrote:
Ian G wrote, On 2008-11-06 12:48:
Nelson B Bolyard wrote:
What curious things do you notice about these certs?
Only one key?
Yup. That's the biggie. It allows the MITM to get by with just a
single private key.
OK. We can of course all imagine ways to exploit that weakness, but it
seems rather pointless to me. In that, if any defence worked, the
attacker would just start using different keys. How long does it take
to generate a pool of thousands of keys? How many million machines on
your botnet?
Is this a real live attack? Any other details? Or is this K's attack
as per current thread?
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
