[security] SL comprimise
Eddy Nigg (StartCom Ltd.)
eddy_nigg at startcom.org
Wed Mar 30 22:04:51 UTC 2011
On 03/30/2011 11:33 PM, From John Bradley:
> However as you say if people don't manage the certificates in their
> root store they are more likely to see this sort of thing.
True.
> No CA is imune, sometimes customers shoot themselves in the foot,
> generating week keys etc.
The better CAs check for that when possible...but it's also correct
there is no 100% always. Otherwise there wouldn't be a bunch of bug
fixes and security updates with any kind of software all the time.
> We have to be able to deal with revoked certificates or we should not
> be using TLS security for a key part of openID trust.
Revocation status should be certainly checked.
Regards
Signer: Eddy Nigg, COO/CTO
StartCom Ltd. <http://www.startcom.org>
XMPP: startcom at startcom.org <xmpp:startcom at startcom.org>
Blog: Join the Revolution! <http://blog.startcom.org>
Twitter: Follow Me <http://twitter.com/eddy_nigg>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20110331/e5d96c05/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6385 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20110331/e5d96c05/attachment-0001.p7s>
More information about the security
mailing list