Comments on: Twitter SSL Fail… Again! http://www.sslfail.com/2009/01/twitter-ssl-fail-again/ 1.2.840.113549.1.1 Thu, 01 Jul 2010 03:13:58 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Tyler http://www.sslfail.com/2009/01/twitter-ssl-fail-again/comment-page-1/#comment-1746 Tyler Thu, 21 May 2009 00:43:05 +0000 http://www.sslfail.com/?p=179#comment-1746 @Pat I think you should take note of this FAQ Question & Answer (from: http://www.win.tue.nl/hashclash/rogue-ca/) Question: What should websites do that have digital certificates signed with MD5? Answer: Nothing at this point. Digital certificates legitimately obtained from all CAs can be believed to be secure and trusted, even if they were signed with MD5. Our method required the purchase of a specially crafted digital certificate from a CA and does not affect certificates issued to any other regular website. @Pat

I think you should take note of this FAQ Question & Answer (from: http://www.win.tue.nl/hashclash/rogue-ca/)

Question: What should websites do that have digital certificates signed with MD5?

Answer: Nothing at this point. Digital certificates legitimately obtained from all CAs can be believed to be secure and trusted, even if they were signed with MD5. Our method required the purchase of a specially crafted digital certificate from a CA and does not affect certificates issued to any other regular website.

]]> By: Pat Murphy http://www.sslfail.com/2009/01/twitter-ssl-fail-again/comment-page-1/#comment-1742 Pat Murphy Wed, 20 May 2009 23:10:54 +0000 http://www.sslfail.com/?p=179#comment-1742 As of May 20, 2009, https://twitter.com/ has a cert that is signed with the MD5 algorithm. Search any geek news site for "ssl md5" and you'll see this is NOT a good idea anymore. As of May 20, 2009, https://twitter.com/ has a cert that is signed with the MD5 algorithm. Search any geek news site for “ssl md5″ and you’ll see this is NOT a good idea anymore.

]]>