[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Expired certificate

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Expired certificate
From: Jan Schejbal <jan.mailinglisten@xxxxxxxxxxxxxx>
Date: Wed, 21 Jul 2010 20:12:34 +0200

Am 2010-07-16 20:06, schrieb Dimitry Andric:
> That is definitely not the only reason.  The longer a certificate (or
> actually, any 'secret key') is being used, the larger the probability
> that it will be compromised, either by an opponent brute-forcing it, or
> by good ole' human error.

The problem with this is, that often it seems to be usual to "renew"
certificates. I.e. CA gets cash, CA issues a new cert on EXACTLY THE
SAME KEY with just a different serial and validity...

Gruß
Jan

-- 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Expired certificate
  - From: Daniel Sichel
- Re: [Full-disclosure] Expired certificate
  - From: Larry Seltzer
- Re: [Full-disclosure] Expired certificate
  - From: Dimitry Andric

Prev by Date: [Full-disclosure] SQL Injection vulnerability in coWiki
Next by Date: [Full-disclosure] ZDI-10-136: Novell Teaming ajaxUploadImageFile Remote Code Execution Vulnerability
Previous by thread: Re: [Full-disclosure] Expired certificate
Next by thread: Re: [Full-disclosure] Expired certificate
Index(es):
- Date
- Thread