Ian G wrote:
Given the Data Nelson presented, there can be no doubt that the certs were created on the fly.Nelson B Bolyard wrote:Ian G wrote, On 2008-11-06 12:48:Nelson B Bolyard wrote:Only one key?What curious things do you notice about these certs?Yup. That's the biggie. It allows the MITM to get by with just a single private key.OK. We can of course all imagine ways to exploit that weakness, but it seems rather pointless to me. In that, if any defence worked, the attacker would just start using different keys. How long does it take to generate a pool of thousands of keys? How many million machines on your botnet?Is this a real live attack? Any other details? Or is this K's attack as per current thread?
bob
iang _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
