So, essentially, what you're saying is that it was a targeted attack against a user, instead of an attack targeted against a server?
Apparently, keeping track of keys in certificates placed individually into NSS might be a good idea regardless. -Kyle H On Thu, Nov 6, 2008 at 5:09 PM, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > Ian G wrote, On 2008-11-06 15:06: >> Nelson B Bolyard wrote: >>> Ian G wrote, On 2008-11-06 12:48: >>>> Nelson B Bolyard wrote: >>>>> What curious things do you notice about these certs? >>>> Only one key? >>> Yup. That's the biggie. It allows the MITM to get by with just a >>> single private key. > >> OK. We can of course all imagine ways to exploit that weakness, but it >> seems rather pointless to me. > > I'm merely providing evidence of an MITM attack. > > These certs were extracted from a Firefox user's cert DB, after > "security exceptions" had been created for every one of them. > > The idea that it was an MITM attack came about because the user > could not access any https sites (for some time) without encountering > one of FireFox's self-signed cert dialogs. The fact that all the > certs bear a common public key is only confirmation of that conclusion. > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
