(As far as I know, Apple has not fixed their desktop/server software either. The folks that have to deal with it are still hacking solutions [1]. It's not a big surprise, since Apple's PKI appears to be generally broken from a programmer's perspective [2]).

http://www.pcworld.com/businesscenter/article/239607/diginotar_certificates_are_pulled_but_not_on_smartphones.html

Browser makers have generally been quick to react to the computer compromise at digital certificate issuer DigiNotar, but that hasn't been the case for all mobile phone makers.

On Tuesday neither Google nor Apple would comment on whether they plan to revoke certificates issued by DigiNotar for Android or the iPhone, even as desktop software makers pulled the plug on the Dutch company's certificates.

Apple hasn't said anything about the DigiNotar situation since it was disclosed last week, but Google was quick to revoke the company's certificates for its Chrome browser last week. Its silence Tuesday spoke to the complexity of its situation as both a victim of the attacks and a provider of the software that can thwart them.

The problem is that Google's Android phones are updated via mobile phone carriers, companies that are typically much slower to issue patches than PC software vendors such as Microsoft.

...

[1] "Apple's Rogue DigiNotar CA mitigation?", http://lists.apple.com/archives/fed-talk/2011/Sep/msg00003.html
[2] "SecKeyRef object without KeyChain", http://lists.apple.com/archives/apple-cdsa/2009/Sep/msg00007.html

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
