Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

RE: [lists] Re: Administrivia: List Compromised due to MailmanVulnerability
From: "Curt Purdy" <purdy () tecman com>
Date: Sun, 13 Feb 2005 07:05:16 -0600

Anders Langworthy wrote:
Valdis.Kletnieks () vt edu wrote:
Unless we have a Schrodinger's Cat John who manifests itself twice, 
once saying "Yup" and once saying "Oh shit!". :)


Hehe.  Technically it doesn't work that way.  At this very 
moment, the certificate can be both valid and invalid.  
However, once we query John about his state (akin to opening 
the bag and checking up on the Cat) and he produces an 
answer, the wave function that is John's SSL Certificate has 
collapsed.  At that point, the certificate can either be 
valid or invalid, but not both. 
<snip>

Actually it can be both.  Unlike in the real world of physics, the unreal
world of the Internet has morphed perceptions.  And since in the real world
dualities cannot exist, this must be quantified.  Which is the reason the
engine should not just check if the certificate is valid, but should also
check if it is invalid. If so, it must then be rejected.

Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA 
Information Security Engineer 
DP Solutions 

-----------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]