Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
From: paddy@panici.net
Date: Tue, 13 May 2008 20:04:48 +0000
Message-id: <[🔎] 20080513200448.GB14406@localhost.localdomain>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] pan.2008.05.13.19.38.27@robots.org.uk>
References: <87od7az9v4.fsf@mid.deneb.enyo.de> <[🔎] m3skwmatou.fsf@neo.luffy.cx> <[🔎] pan.2008.05.13.19.38.27@robots.org.uk>

On Tue, May 13, 2008 at 07:38:27PM +0000, Sam Morris wrote:
> On Tue, 13 May 2008 21:29:53 +0200, Vincent Bernat wrote:
> 
> >  - It seems  that firefox does not handle  CRL unless manually imported,
> >    correct? This  means that in  most cases already  issued certificates
> >    are still  vulnerable even revoked. A  quick look seems  to show that
> >    most software do not handle CRL at all.
> 
> Yes, x509 is fundamentally broken in the first place.
> 

and how!  

see http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
for more in this vein.

I never tire of reading that file ...

Regards,
Paddy

Reply to:

References:
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: Vincent Bernat <bernat@luffy.cx>
- Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
  - From: Sam Morris <sam@robots.org.uk>

Prev by Date: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Next by Date: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Previous by thread: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Next by thread: Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
Index(es):
- Date
- Thread