On 4/24/14, 10:15 AM, Eddy Nigg wrote:
On 04/24/2014 05:04 AM, Radu Hociung wrote:
On Wednesday, April 23, 2014 6:00:41 PM UTC-4, Eddy Nigg wrote:
I do have a few questions to you! How can you know that a site using a
certificate from ANY CA isn't or wasn't affected by the Heartbleed bug?
I'm planning on a more thorough answer that cross references the SSL
observatory data from 2010 with a fresh update, and with published
CRLs. One would expect that each CA would have about 17% of their
issued certificates be revoked and re-keyed due to heartbleed. In a
day or two I should have some stats.
Don't waste your time, I'll help you....: https://isc.sans.edu/crls.html
In case anyone missed this one:
http://blog.cloudflare.com/the-hard-costs-of-heartbleed
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
