Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: [lists] Re: Administrivia: List Compromised dueto MailmanVulnerability
From: "Jason Coombs" <jasonc () science org>
Date: Sun, 13 Feb 2005 19:24:30 +0000 GMT

Valid ... Invalid ... Nonsense.

The only meaningful thing the engine could do is check whether the certificate is the certificate it is supposed to be 
by looking at the public key contained therein.

A public key that has never before been seen in the real world, by anyone, anywhere, is a threat until proved 
otherwise. A public key that we have never seen before should not be trusted automatically, even if somebody else has 
encountered it in the past.

No change of public key should be allowed without human intervention to rationalize the legitimacy of the change. 
Automated 'Valid' / 'Invalid' determinations are absurd where there is a different public key that was trusted instead 
for the same entity in the past.

We need systems that warn us of key changes and give us the opportunity to pick up the phone or walk down the hall and 
find out why the entity we trust was forced to abandon a perfectly good key pair in favor of another.


Jason Coombs
jasonc () science org
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • Re: [lists] Re: Administrivia: List Compromised dueto MailmanVulnerability Jason Coombs (Feb 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]