Threaded Mode | Linear Mode

sbk · Nov. 09, 2013, 12:25 PM

http://www.esoft.com/network-security-th...ly-secure/
Selling. The external link is apparently (I didn't visit) about easily conned Cert Authorities, Comodo. Previous news stories have reported other conned CAs. This is a social engineering flaw, demonstrating that "experts" are vulnerable to social engineering. We also know that internet users are vulnerable to social engineering. Flaw seems incuirable, though is not inherent to SSL itself.

http://www.privatewifi.com/ask-the-exper...-we-think/
Selling. Internal links, which I didn't visit.

http://superuser.com/questions/225472/how-safe-is-https
Banks (experts) are fallible, yes. OTOH, traditional non-internet security also steadily suffers new attacks.
The other factors in comments are social engineering, except keylogger.
I wonder when academics will consider 128bit SSL to be too small.

https://www.eff.org/deeplinks/2011/10/ho...ttps-today
A more thorough outline, imo. My brain is not in gear enough to study carefully.
#2and #4 seem beyond control (failings) of CAs.
#5 looks bad for other reasons.

I suppose the problems are too much to trust security of the CA system for authenticating sites.

But after recently reading about the function of keys, I've wondered whether encryption function can be separated. I'm not sure if encryption can be independent of authentication.