Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos network security services platform

Bugtraq: Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory

Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory

From: Dick Hardt <dick_at_sxip.com>
Date: Fri, 8 Aug 2008 10:29:24 -0700

On 8-Aug-08, at 10:11 AM, Ben Laurie wrote:
>
> It also only fixes this single type of key compromise. Surely it is
> time to stop ignoring CRLs before something more serious goes wrong?

Clearly many implementors have chosen to *knowingly* ignore CRLs
despite the security implications, so my take away would be that the
current public key infrastructure is flawed.

-- Dick
Received on Aug 08 2008

This message: [ Message body ]
Next message: Digital Security Research Group [DSecRG]: "[DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3"
Previous message: Raphael Marichez: "[ GLSA 200808-08 ] stunnel: Security bypass"
In reply to: Ben Laurie: "Re: OpenID/Debian PRNG/DNS Cache poisoning advisory"
Next in thread: Perry E. Metzger: "Re: OpenID/Debian PRNG/DNS Cache poisoning advisory"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]