Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yes, but then that bogus certificate is in the wild. Once once someone has a copy of a bogus certificate, then they can prove that that CA is corrupt. That CA loses its business model. What I am saying does not prevent one-off attacks, but all it takes is one person to capture a bad certificate to discredit a CA. Hence it would not work in a universal censorship scheme as Google is combating. Maybe I am still overlooking something, and I suppose China could just SSL proxy the whole country, which would defeat all of this.


You are very confused about how SSL in the context of HTTP works. Here's the best talk I know of this subject:

BlackHat USA 2011: SSL And The Future Of Authenticity: http://www.youtube.com/watch?v=Z7Wl2FW2TcA




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: