BugTraq
Re: OpenID/Debian PRNG/DNS Cache poisoning advisory
> At 1:47 PM -0500 8/8/08, Nicolas Williams wrote:
> >On Fri, Aug 08, 2008 at 02:08:37PM -0400, Perry E. Metzger wrote:
> >> The kerberos style of having credentials expire very quickly is one
> >> (somewhat less imperfect) way to deal with such things, but it is far
> >> from perfect and it could not be done for the ad-hoc certificate
> >> system https: depends on -- the infrastructure for refreshing all the
> >> world's certs every eight hours doesn't exist, and if it did imagine
> >> the chaos if it failed for a major CA one fine morning.
> >
> >The PKIX moral equivalent of Kerberos V tickets would be OCSP Responses.
> >
> >I understand most current browsers support OCSP.
>
> ...and only a tiny number of CAs do so.
Not that long ago nothing supported OCSP. If all that's left (ha) is
the CAs then we're in good shape. (OCSP services can be added without
modifying a CA -- just issue the OCSP Responders their certs and let
them use CRLs as their source of revocation information.)
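Added example, not part of the original message: a simplified model of an OCSP responder that uses the CA's CRL as its only revocation source, plus a relying party that treats each answer like a short-lived ticket. The `Crl` and `OcspAnswer` classes, the function names, the sample CA name and serial numbers are all assumptions made for illustration; the eight-hour freshness limit is borrowed from the figure quoted in the thread.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Crl:  # simplified stand-in for a parsed CRL (hypothetical model)
    issuer: str
    this_update: datetime
    next_update: datetime
    revoked: frozenset  # serial numbers listed in the CRL

@dataclass(frozen=True)
class OcspAnswer:  # simplified stand-in for one OCSP single response
    serial: int
    status: str  # "good", "revoked" or "unknown"
    this_update: datetime
    next_update: datetime

def answer_from_crl(crl, issuer, serial, now):
    """Responder side: derive the status from the CA's latest CRL only."""
    if issuer != crl.issuer or now > crl.next_update:
        # Wrong CA or expired CRL: no authoritative data (modelling choice).
        return OcspAnswer(serial, "unknown", now, now)
    status = "revoked" if serial in crl.revoked else "good"
    # "good" only means "not on the CRL"; the answer inherits the CRL's
    # validity window because the responder knows nothing newer.
    return OcspAnswer(serial, status, crl.this_update, crl.next_update)

def client_accepts(ans, now, max_age=timedelta(hours=8)):
    """Relying-party side: treat the answer like a short-lived ticket."""
    in_window = ans.this_update <= now <= ans.next_update
    return ans.status == "good" and in_window and now - ans.this_update <= max_age

# Constructed sample data: a CA that publishes one CRL per day.
T0 = datetime(2008, 8, 8, tzinfo=timezone.utc)
SAMPLE_CRL = Crl("CN=Example CA", T0, T0 + timedelta(days=1), frozenset({0x1001}))

if __name__ == "__main__":
    for hours in (6, 12, 25):
        now = T0 + timedelta(hours=hours)
        ans = answer_from_crl(SAMPLE_CRL, "CN=Example CA", 0x2002, now)
        print(f"+{hours}h status={ans.status} accepted={client_accepts(ans, now)}")
```

With a daily CRL, the eight-hour policy stops accepting an unrevoked certificate after eight hours, so the CRL publication interval bounds how ticket-like the responder's answers can be.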