[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory

To: Ben Laurie <benl@xxxxxxxxxx>
Subject: Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory
From: Dick Hardt <dick@xxxxxxxx>
Date: Fri, 8 Aug 2008 10:29:24 -0700

On 8-Aug-08, at 10:11 AM, Ben Laurie wrote:


It also only fixes this single type of key compromise. Surely it is
time to stop ignoring CRLs before something more serious goes wrong?

Clearly many implementors have chosen to *knowingly* ignore CRLsdespite the security implications, so my take away would be that thecurrent public key infrastructure is flawed.


-- Dick

References:
- Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
  - From: Eric Rescorla
- RE: OpenID/Debian PRNG/DNS Cache poisoning advisory
  - From: Dave Korn
- Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
  - From: Eric Rescorla
- Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
  - From: Ben Laurie

Prev by Date: [ GLSA 200808-08 ] stunnel: Security bypass
Next by Date: [DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3
Previous by thread: Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
Next by thread: Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
Index(es):
- Date
- Thread