by hasker
5125 days ago
Yes, but then that bogus certificate is in the wild. Once someone has a copy of a bogus certificate, then they can prove that that CA is corrupt. That CA loses its business model. What I am saying does not prevent one-off attacks, but all it takes is one person to capture a bad certificate to discredit a CA. Hence it would not work in a universal censorship scheme as Google is combating. Maybe I am still overlooking something, and I suppose China could just SSL proxy the whole country, which would defeat all of this.
BlackHat USA 2011: SSL And The Future Of Authenticity: http://www.youtube.com/watch?v=Z7Wl2FW2TcA