Over the past few years, the much more standard way of defeating SSL has been to compromise one of the 600 or so entities authorized to mint certificates that are trusted by Firefox and other standard browsers. Given the success and ease of that method, the techniques laid out in the research paper would likely not be an attacker’s first choice of exploitation.
Tags: