On 07/08/17 19:09, Salz, Rich wrote:
>> A while ago, if I'm not mistaken, I glimpsed some report of vulnerabilities
>> caused by incorrect public key comparison.
> There was a recent issue raised by Hanno about incorrect public/private key 
> matching leading to incorrect revocation of a certificate; was that what you 
> were thinking of?
Thanks Rich, I was able to find it now. The issue apparently affects
public/private key matching, not public/public key matching, so it
shouldn't be a concern for mTLS:



Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

OAuth mailing list

Reply via email to