Re: [SECURITY] [DSA 1571-1] New openssl packages fix predictable random number generator
On Tue, May 13, 2008 at 07:38:27PM +0000, Sam Morris wrote:
> On Tue, 13 May 2008 21:29:53 +0200, Vincent Bernat wrote:
>
> > - It seems that firefox does not handle CRL unless manually imported,
> > correct? This means that in most cases already issued certificates
> > are still vulnerable even revoked. A quick look seems to show that
> > most software do not handle CRL at all.
>
> Yes, x509 is fundamentally broken in the first place.
>
and how!
see http://www.cs.auckland.ac.nz/~pgut001/pubs/x509guide.txt
for more in this vein.
I never tire of reading that file ...
Regards,
Paddy
Reply to: