[android-security-discuss] SECURITY Conference 2011 (September 24th, Bangalore)

2011-09-08 Thread dadyboy rueed
Hi, I got to know of an exciting event happening in Bangalore on September 24th. I guess it will add great value to all the SECURITY professionals in the Security domain. I believe it is worth attending as there are interesting topics. (See the Sessions below). The Conference starts at 9.00

[android-security-discuss] Re: OCSP/CRL support during SSL

2011-09-08 Thread nlsp
This boils down to whether it is okay to prioritize availability over security. Still, the actual question remains: does the android browser support CRL or OCSP in any form? And since CRLs can be cached, it would be perfectly sane to have a cached CRL on device for an intermediate that has been

Re: [android-security-discuss] Re: OCSP/CRL support during SSL

2011-09-08 Thread Chris Palmer
On Thu, Sep 8, 2011 at 9:33 AM, nlsp niels.po...@gmail.com wrote: This boils down to whether it is okay to prioritize availability over security. Availability is a security guarantee just like confidentiality or integrity. Still, the actual question remains: does the android browser support

Re: [android-security-discuss] Re: OCSP/CRL support during SSL

2011-09-08 Thread Geremy Condra
On Thu, Sep 8, 2011 at 10:12 AM, Chris Palmer snackypa...@gmail.com wrote: On Thu, Sep 8, 2011 at 9:33 AM, nlsp niels.po...@gmail.com wrote: This boils down to whether it is okay to prioritize availability over security. Availability is a security guarantee just like confidentiality or

[android-security-discuss] Re: OCSP/CRL support during SSL

2011-09-08 Thread nlsp
On Sep 8, 7:12 pm, Chris Palmer snackypa...@gmail.com wrote: On Thu, Sep 8, 2011 at 9:33 AM, nlsp niels.po...@gmail.com wrote: This boils down to whether it is okay to prioritize availability over security. Availability is a security guarantee just like confidentiality or integrity. I

Re: [android-security-discuss] Re: OCSP/CRL support during SSL

2011-09-08 Thread polishcode
On 2011-09-08 20:02, nlsp wrote: On Sep 8, 7:12 pm, Chris Palmer snackypa...@gmail.com wrote: On Thu, Sep 8, 2011 at 9:33 AM, nlsp niels.po...@gmail.com wrote: This boils down to whether it is okay to prioritize availability over security. Availability is a security guarantee just like

Re: [android-security-discuss] Re: OCSP/CRL support during SSL

2011-09-08 Thread Kevin Chadwick
On Thu, 08 Sep 2011 20:37:46 +0200 polishcode wrote: On the other hand, Opera browser does not contain info on CA's. In order to check a certificate path, it consults Opera's server, which is a central (and the only one) place to hold such info. Does it use a secure connection for this?

Re: [android-security-discuss] Re: OCSP/CRL support during SSL

2011-09-08 Thread polishcode
On 2011-09-08 22:12, Kevin Chadwick wrote: On Thu, 08 Sep 2011 20:37:46 +0200 polishcode wrote: On the other hand, Opera browser does not contain info on CA's. In order to check a certificate path, it consults Opera's server, which is a central (and the only one) place to hold such info. Does

Re: [android-security-discuss] Re: OCSP/CRL support during SSL

2011-09-08 Thread Kevin Chadwick
On Thu, 08 Sep 2011 21:23:50 +0200 polishcode polishc...@gmail.com wrote: Please refer to the link I supplied above: http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2. What else could it transmit? Everything or nothing. False sense of security is

Re: [android-security-discuss] Re: OCSP/CRL support during SSL

2011-09-08 Thread polishcode
On 2011-09-08 22:36, Kevin Chadwick wrote: On Thu, 08 Sep 2011 21:23:50 +0200 polishcode polishc...@gmail.com wrote: Please refer to the link I supplied above: http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2. What else could it transmit? Everything