On Wed, 13 May 2020 02:29:07 +0000 Peter Gutmann via dev-security-policy <[email protected]> wrote:
> Following up on this, would it be correct to assume that, since > no-one has pointed out any impact that this had on anything, that > it's more a certificational issue than anything with real-world > consequences? I have reported (and noticed) it because it had an impact. The impact it had was a monitoring system that checked whether the certificate of a host was okay, using gnutls-cli with ocsp enabled (which also uncovered a somewhat unexpected inconsistency in how the gnutls cli tool behaves[1]). Not saying this is a particularly severe impact, however it took me some time figuring out what's going on there. It may very well that others have experienced impact that they were unable to explain. [1] https://gitlab.com/gnutls/gnutls/-/issues/981 -- Hanno Böck https://hboeck.de/ _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
