[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory

To: Ben Laurie <benl@xxxxxxxxxx>
Subject: Re: [Full-disclosure] [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory
From: Dick Hardt <dick@xxxxxxxx>
Date: Fri, 8 Aug 2008 10:29:24 -0700

On 8-Aug-08, at 10:11 AM, Ben Laurie wrote:
>
> It also only fixes this single type of key compromise. Surely it is
> time to stop ignoring CRLs before something more serious goes wrong?

Clearly many implementors have chosen to *knowingly* ignore CRLs  
despite the security implications, so my take away would be that the  
current public key infrastructure is flawed.

-- Dick

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory
  - From: Gerald Beuchelt
- Re: [Full-disclosure] [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory
  - From: Eddy Nigg (StartCom Ltd.)

References:
- [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory
  - From: Ben Laurie
- Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory
  - From: Eric Rescorla
- Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory
  - From: Dave Korn
- Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory
  - From: Eric Rescorla
- Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory
  - From: Ben Laurie

Prev by Date: Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory
Next by Date: Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory
Previous by thread: Re: [Full-disclosure] OpenID/Debian PRNG/DNS Cache poisoning advisory
Next by thread: Re: [Full-disclosure] [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory
Index(es):
- Date
- Thread