full-disclosure-uk August 2008 archive

Re: [Full-disclosure] [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory

From: Dick Hardt <dick_at_nospam>
Date: Fri Aug 08 2008 - 17:29:24 GMT
To: Ben Laurie <benl@google.com>

On 8-Aug-08, at 10:11 AM, Ben Laurie wrote:
> It also only fixes this single type of key compromise. Surely it is
> time to stop ignoring CRLs before something more serious goes wrong?

Clearly many implementors have chosen to *knowingly* ignore CRLs despite the security implications, so my takeaway would be that the current public key infrastructure is flawed.

-- Dick

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/