
I'm sorry, I'm just not interested in talking about security in terms of attackers who are too dumb or lazy to carry out well-known, utterly practical attacks. You can keep saying that "the encryption part of SSL works fine with authentication"; if you add the phrase "as long as you're dealing with functionally retarded adversaries", I won't even call you on it.


Well known and utterly practical? You have been commenting about how difficult this attack is and how the MD5 collision breakthrough is still secret.

You're not interested in the risk of, or the protection provided by SSL encryption against, a simple and probably relatively common passive attack? Because those people are lazy or dumb, we can write them off entirely and say SSL provides no security if there's a potential CA-related exploit? I get that it's not as interesting a situation to think about, but I think that logically you can prove that SSL provides increased security over HTTP to the end user, even if some certs could be compromised.

" (2) You have to be able to generate the collision within a short window of time to get the resulting product signed properly by the CA, so you need the new academic result (and the PS3s).

(1) The attack is extremely difficult to pull off.

(2) Critical details required to carry it out --- an academic breakthrough in MD5 collision-finding --- were actually withheld, meaning that no "zero-day" occurred. (3) The "fix" for this attack is for RapidSSL to randomize serials and stop using MD5, both of which will happen; if you believe certificates from before today are vulnerable, that's an even stronger argument for publishing. "


The attack you are talking about is completely trivial. It relies on you being too dumb to even care if you have a real certificate. The attack Sotirov et al. have discovered is extremely hard. It works even if you check certificates.


I think that was modoc's original point, in response to the 'stella' comment. SSL, even if vulnerable to Sotirov-level impersonation attacks, still protects from other idiot-level attacks.

So you might be tricked into setting up encrypted communication to one of the (small) N groups that have the knowledge/budget to do a Sotirov attack, but at least you still won't have identity details hijacked by (large) M others, because even broken cert-checking protects against them.


whew wipes brow

Exactly! I'm sorry I wasn't communicating clearly enough.


You were.

