Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory

From: Dick Hardt <dick@sxip.com>
To: Ben Laurie <benl@google.com>
Cc: Eric Rescorla <ekr@networkresonance.com>,cryptography@metzdowd.com,Dave Korn <dave.korn@artimi.com>,full-disclosure@lists.grok.org.uk,bugtraq@securityfocus.com,OpenID List <general@openid.net>,security@openid.net
Subject: Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory
Date:


On 8-Aug-08, at 10:11 AM, Ben Laurie wrote:
>
> It also only fixes this single type of key compromise. Surely it is
> time to stop ignoring CRLs before something more serious goes wrong?

Clearly many implementors have chosen to *knowingly* ignore CRLs  
despite the security implications, so my take away would be that the  
current public key infrastructure is flawed.

-- Dick





Copyright © 1995-2021 LinuxRocket.net. All rights reserved.