[tor-talk] New HTTP authorization attack
Mike Perry
mikeperry at fscked.org
Tue Aug 23 20:13:34 UTC 2011
Thus spake Julie C (julie at h-ck.ca):
> On Tue, Aug 23, 2011 at 8:23 AM, Mike Perry <mikeperry at fscked.org> wrote:
>
> >
> > <snip>
> >
> > SSL certificates are not isolated. They might never be. The SSL stack
> > is a nightmare.
> >
> >
> Mike, can you provide some specifics on how the SSL stack is a nightmare? I
> am working on development of an open source C-based libevent2-based
> stand-alone SSL MiTM proxy but have not yet hit any of the ugly stuff.
> Pointers to information would also be appreciated.
I was referring to the integration of NSS with the rest of Firefox.
Based on my limited experience, NSS generally doesn't seem to like its
state munged around with. It sort of lives in its own world and the
interfaces to it are prone to race conditions and optimizations that
are build on the assumption that the current use case (one set of SSL
state for the entire browser) is the only desirable one.
But good luck on your sketch project. May the intermediate certs be
with you!
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20110823/8f8d6081/attachment.pgp>
More information about the tor-talk
mailing list