Re: [Full-disclosure] [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory

From: Dick Hardt <dick_at_nospam>
Date: Fri Aug 08 2008 - 17:29:24 GMT
To: Ben Laurie <benl@google.com>

On 8-Aug-08, at 10:11 AM, Ben Laurie wrote: >
> It also only fixes this single type of key compromise. Surely it is
> time to stop ignoring CRLs before something more serious goes wrong?

Clearly many implementors have chosen to *knowingly* ignore CRLs despite the security implications, so my take away would be that the current public key infrastructure is flawed.

Dick

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: Tim Dierks: "Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory"
Previous message: Florian Weimer: "Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory"
In reply to: Ben Laurie: "Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory"
Next in thread: Gerald Beuchelt: "Re: [Full-disclosure] [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory"
Reply: Gerald Beuchelt: "Re: [Full-disclosure] [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory"
Reply: Eddy Nigg (StartCom Ltd.): "Re: [Full-disclosure] [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]