[nycbug-talk] OpenVPN (was MD5 stuff)

Dan Langille dan at langille.org
Wed Jan 7 13:59:04 EST 2009

On Dec 31, 2008, at 6:44 PM, Isaac Levy wrote:

> On Dec 31, 2008, at 2:45 AM, Miles Nordin wrote:
>> I think it would be funny if these guys made a real CA cert with  
>> their
>> exploit and started selling certs signed by their fake key for $2  
>> each
>> or something.  not illegitimate certs, like, email-contact-verified
>> certs, the regular legitimate kind, just cheaper.  Why not?  It's
>> probably even legal in some jurisdiction if not in most.  and most
>> webmasters just want to turn the browser bar green.  It works now, so
>> for $2 why not?  I'd buy one.  If it starts turning browser bars red
>> some day, buy a more expensive cert _some day_, not now. The whole
>> cert thing was such a racket to begin with, i wish they'd start
>> selling fake ones.
> Insanely great idea, IMHO- I mean, why not?  It's like creating a new
> currency (backed by insecurity).
> --
> Sidenote- everyone here who's dismissed OpenVPN, it almost goes
> without saying that this is yet another rock in that bucket...

That's a nice turn of phrase.  Never heard it before.

Really?  People dismiss OpenVPN?  Seems to be an OK solution to me.
Mind you, it doesn't matter what you pick, someone will dismiss it.

It's been working flawlessly for my needs for the past month or so.

Dan Langille

More information about the talk mailing list