On 03/30/2011 11:33 PM, From John Bradley:
However, as you say, if people don't manage the certificates in their root store they are more likely to see this sort of thing.

True.

No CA is immune, sometimes customers shoot themselves in the foot, generating weak keys etc.

The better CAs check for that when possible...but it's also correct there is no 100% always. Otherwise there wouldn't be a bunch of bug fixes and security updates with any kind of software all the time.

We have to be able to deal with revoked certificates or we should not be using TLS security for a key part of OpenID trust.

Revocation status should certainly be checked.


Regards
Signer:         Eddy Nigg, COO/CTO
        StartCom Ltd. <http://www.startcom.org>
XMPP:   [email protected] <xmpp:[email protected]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Twitter:        Follow Me <http://twitter.com/eddy_nigg>



_______________________________________________
security mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-security
