Re: More on heartbeat/bleed

To: debian-user@lists.debian.org
Subject: Re: More on heartbeat/bleed
From: Erwan David <erwan@rail.eu.org>
Date: Wed, 16 Apr 2014 13:04:55 +0200
Message-id: <[🔎] 20140416110455.GB15331@rail.eu.org>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] CAAr43iOyAhh9sCtjFjb1eD08054RUv2V0qnZ-AiA_Wf5N-7-BQ@mail.gmail.com>
References: <[🔎] CAAr43iOyAhh9sCtjFjb1eD08054RUv2V0qnZ-AiA_Wf5N-7-BQ@mail.gmail.com>

On Wed, Apr 16, 2014 at 12:35:23PM CEST, Joel Rees <joel.rees@gmail.com> said:
> 
> For those who are getting excited, don't. Take the time to understand the
> whole process, and the reason certificates and cryptographic tokens should
> be rotated, and how you go about doing it. (They should be rotated anyway,
> and if you don't, well, it's time to start leaning how, and this is as good
> a reason as any.)
> 
> Incidentally, nobody does it right yet, not even the banks. In my way of
> thinking, that's a bigger problem than being able to reach blindly into a
> server's memory.

Some do, however only ther certificate expires, not the keys...

Thus many of those who rotate the certificate just issue a new one
with existing key, just changing the dates and signing.

And that's bad.

Reply to:

Follow-Ups:
- Re: More on heartbeat/bleed
  - From: Joel Rees <joel.rees@gmail.com>

References:
- More on heartbeat/bleed
  - From: Joel Rees <joel.rees@gmail.com>

Prev by Date: More on heartbeat/bleed
Next by Date: Re: Duplicate sources.list entry
Previous by thread: More on heartbeat/bleed
Next by thread: Re: More on heartbeat/bleed
Index(es):
- Date
- Thread