Bugtraq mailing list archives

Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory

From: Dick Hardt <dick () sxip com>
Date: Fri, 8 Aug 2008 10:29:24 -0700

On 8-Aug-08, at 10:11 AM, Ben Laurie wrote:


It also only fixes this single type of key compromise. Surely it is
time to stop ignoring CRLs before something more serious goes wrong?

Clearly many implementors have chosen to *knowingly* ignore CRLsdespite the security implications, so my take away would be that thecurrent public key infrastructure is flawed.


-- Dick

Current thread:

OpenID/Debian PRNG/DNS Cache poisoning advisory Ben Laurie (Aug 08)
- <Possible follow-ups>
- Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Eric Rescorla (Aug 08)
  - RE: OpenID/Debian PRNG/DNS Cache poisoning advisory Dave Korn (Aug 08)
    - Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Eric Rescorla (Aug 08)
    - Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Ben Laurie (Aug 08)
    - Re: [OpenID] OpenID/Debian PRNG/DNS Cache poisoning advisory Dick Hardt (Aug 08)
    - Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Perry E. Metzger (Aug 08)
    - Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Nicolas Williams (Aug 08)
    - Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Paul Hoffman (Aug 08)
    - Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Nicolas Williams (Aug 08)
    - RE: OpenID/Debian PRNG/DNS Cache poisoning advisory Dave Korn (Aug 08)
    - Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Peter Gutmann (Aug 08)
    - Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Dan Kaminsky (Aug 08)
    - Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Eric Rescorla (Aug 08)
    - Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Nicolas Williams (Aug 08)
    - Re: OpenID/Debian PRNG/DNS Cache poisoning advisory Leichter, Jerry (Aug 08)

(Thread continues...)