SSL Certificates Vulnerable to OpenSSL Flaw on Debian (Netcraft)

Posted Jun 16, 2008 18:57 UTC (Mon) by jwb (guest, #15467)
Parent article: SSL Certificates Vulnerable to OpenSSL Flaw on Debian (Netcraft)

Has Mozilla.org audited the root certs they ship for this problem?  What about Microsoft?
Opera?  Apple?


SSL Certificates Vulnerable to OpenSSL Flaw on Debian (Netcraft)

Posted Jun 16, 2008 19:14 UTC (Mon) by cortana (subscriber, #24596)

SSL Certificates Vulnerable to OpenSSL Flaw on Debian (Netcraft)

Posted Jun 17, 2008 0:02 UTC (Tue) by endecotp (guest, #36428)

Interesting quote from Juergen Schmidt in that bug:

"We asked if Verisign and Comodo are going to contact the owners of weak
keys -- they won't."

That strikes me as a poor attitude.

I was also disappointed to read that Mozilla doesn't actually check certificate revocation
lists.

My idea that the card processors should go after their customers looks like the only option
left....

SSL Certificates Vulnerable to OpenSSL Flaw on Debian (Netcraft)

Posted Jun 18, 2008 20:06 UTC (Wed) by ewen (subscriber, #4772)

Interestingly just yesterday I got an email from Comodo about a weak SSL certificate advising
how to get it reissued for free.  (Which was a useful email because the certificate is on a
system that wasn't vulnerable, but it turns out the key material had been created on a
vulnerable system.)  

They're also apparently going to add the vulnerable certificates to their revocation list
soon.  Although as you say I'm not sure how widely those revocation lists are checked by
applications.

Ewen

