Bug#744027: Please remove StartCom Certification Authority root certificate

2014-04-10 Thread Thorsten Glaser
On Wed, 9 Apr 2014, Geoffrey Thomas wrote: This only affects certs that were used on vulnerable versions of OpenSSL with allocation schemes that actually loaded the private key into freed memory that could be returned. I haven't seen a valid claim that this is anywhere near a significant

Bug#744027: Please remove StartCom Certification Authority root certificate

2014-04-09 Thread Klemens Baum
Package: ca-certificates Following the OpenSSL CVE-2014-0160 Heartbleed vulnerability [1,2], any certificate that was used with a vulnerable version of OpenSSL (I read somewhere 1/3 of the web) should be handled as it is compromised. Compromised certificates have to be replaced with new ones

Bug#744027: Please remove StartCom Certification Authority root certificate

2014-04-09 Thread Michael Shuler
Control: forwarded -1 https://bugzilla.mozilla.org/show_bug.cgi?id=994033 On 04/09/2014 08:07 AM, Klemens Baum wrote: Following the OpenSSL CVE-2014-0160 Heartbleed vulnerability [1,2], any certificate that was used with a vulnerable version of OpenSSL (I read somewhere 1/3 of the web) should

Bug#744027: Please remove StartCom Certification Authority root certificate

2014-04-09 Thread Thijs Kinkhorst
On Wednesday 9 April 2014 15:07:08, Klemens Baum wrote: Package: ca-certificates Following the OpenSSL CVE-2014-0160 Heartbleed vulnerability [1,2], any certificate that was used with a vulnerable version of OpenSSL (I read somewhere 1/3 of the web) should be handled as it is compromised.

Bug#744027: Please remove StartCom Certification Authority root certificate

2014-04-09 Thread Jan Niehusmann
On Wed, Apr 09, 2014 at 03:48:56PM +0200, Thijs Kinkhorst wrote: Whatever you and I think of this pricing structure, people are free to choose any provider of certificates that matches their pricing interest and that people are knowingly or should be knowingly buying a product that has a certain

Bug#744027: Please remove StartCom Certification Authority root certificate

2014-04-09 Thread Raphael Geissert
Control: tag -1 wontfix On Wednesday 09 April 2014 15:39:25 Michael Shuler wrote: [...] If mozilla believes this is justification for removal, which I doubt will happen, then the same will happen in ca-certificates. Debian ca-certificates users may remove trust locally at any time, if they

Bug#744027: Please remove StartCom Certification Authority root certificate

2014-04-09 Thread Geoffrey Thomas
On Wed, 9 Apr 2014, Klemens Baum wrote: StartCom provides cheap and even free SSL certificates via the StartSSL brand. However, revoking certificates requires a US$ 24.90 fee [3]. This discourages responsible sysadmin procedure and will ensure many compromised certificates