moin moin,

Lisa has probably posted the second issue, but I'm a bit behind on the
list. The first one appears to be from today and I don't see anything from
her today.

http://openssl.org/news/secadv_20090107.txt

OK, so DSA and ECDSA certs in OpenSSL now are suspect, but RSA is still
safe, except...

http://www.win.tue.nl/hashclash/rogue-ca/

Hmm, it's possible to impersonate a CA and create RSA certs that'll be
accepted :(.

I think the 'Outline of the attack' section indicates that the original CA
certificate is needed, so CAs moving away from MD5 can avoid the problem.

ciao,

der.hans
-- 
#  http://www.LuftHans.com/        http://www.LuftHans.com/Classes/
#  Strangers are friends just waiting to happen!
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss