Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory
From: Dick Hardt <dick@sxip.com>
To: Ben Laurie <benl@google.com>
Cc: Eric Rescorla <ekr@networkresonance.com>, cryptography@metzdowd.com, Dave Korn <dave.korn@artimi.com>, full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com, OpenID List <general@openid.net>, security@openid.net
Subject: Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory
Date: Fri, 08 August 2008 17:29 GMT

On 8-Aug-08, at 10:11 AM, Ben Laurie wrote:
>
> It also only fixes this single type of key compromise. Surely it is
> time to stop ignoring CRLs before something more serious goes wrong?
Clearly many implementors have chosen to *knowingly* ignore CRLs
despite the security implications, so my take away would be that the
current public key infrastructure is flawed.
-- Dick