[Users] [Bug 2738] Erroneous rotation of SSL certificates

ratinox at gweep.net ratinox at gweep.net
Fri Sep 28 18:57:39 CEST 2012

On Fri, 28 Sep 2012 04:37:21 +0200 (CEST)
noreply at thewildbeast.co.uk wrote:

> 'correct'.  If it wants to bark about it, it should do so in a
> functional way which enhances security and is usable.  What it

Automatically accepting multiple certificates for a socket is a
security risk. For example, a certificate obtained from a compromised
CA can be used in MITM attacks. DigiNotar revealed last year that it
was tricked into issuing a valid wild card SSL cert for Google. Prior to
that, Comodo revealed that it had been tricked into issuing valid
certificates for Google, Yahoo and Skype.

From an algorithmic perspective there is no difference between Google's
"rotating" of SSL certificates and a third party MITM attack using a
valid but illegal certificate on a spoofed IP. The trust chains link
back to valid CAs and valid signatures. The only reliable way to
determine a certificate's authenticity is using the Mark I Eyeball to
compare certificates to known and verified goods every time the
certificates change. Anything else leaves your accounts
silently vulnerable to MITM attacks.

\m/ (--) \m/

More information about the Users mailing list