moin moin,
Lisa has probably posted the second issue, but I'm a bit behind on the
list. The first one appears to be from today and I don't see anything from
her today.
http://openssl.org/news/secadv_20090107.txt
OK, so DSA and ECDSA certs in OpenSSL now are suspect, but RSA is still
safe, except...
http://www.win.tue.nl/hashclash/rogue-ca/
Hmm, it's possible to impersonate a CA and create RSA certs that'll be
accepted :(.
I think the 'Outline of the attack' section indicates that the original CA
certificate is needed, so CAs moving away from MD5 can avoid the problem.
ciao,
der.hans
--
# http://www.LuftHans.com/ http://www.LuftHans.com/Classes/
# Strangers are friends just waiting to happen!