On 14 June 2013 14:08, Rob Stradling <rob.stradl...@comodo.com> wrote:
> On 14/06/13 13:58, Ben Laurie wrote:
>>
>> On 14 June 2013 13:57, Rob Stradling <rob.stradl...@comodo.com> wrote:
>
> <snip>
>
>>> Safari's User-Agent string reveals the OSX version that it is running on.
>>> A
>>> few weeks ago I analyzed some webserver logs to get an idea of historical
>>> OSX update rates.  Based on that analysis, I forecast that the majority
>>> of
>>> OSX 10.8.x users will install the 10.8.4 update, but that a significant
>>> minority won't.
>>
>>
>> I guess then we need to know why? And would they upgrade Safari alone?
>
>
> Apparently the ECDHE-ECDSA bug is in SecureTransport, which is an integral
> component of OSX.

https://developer.apple.com/library/mac/#documentation/security/Reference/secureTransportRef/Reference/reference.html
seems to suggest it is a library.

>
>
>>>>>>> No server administrator will want to deploy ECDHE-ECDSA if it means
>>>>>>> breaking
>>>>>>> compatibility with even a small fraction of deployed browsers.  Hence
>>>>>>> why
>>>>>>> this patch is, unfortunately, necessary.
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> What is _necessary_ is that Apple accept responsibility for their
>>>>>> errors
>>>>>> :-)
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Agreed.
>>>>>
>>>>> Sadly, the OSX 10.8.4 changelog doesn't even mention the ECDHE-ECDSA
>>>>> bugfix.
>>>>>
>>>>>
>>>>>> Why are we chasing after them cleaning up their messes?
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> Because we want ECDHE-ECDSA to be deployable.
>>>>>
>>>>>
>>>>> --
>>>>> Rob Stradling
>>>>> Senior Research & Development Scientist
>>>>> COMODO - Creating Trust Online
>>>>>
>>>>
>>>
>>> --
>>> Rob Stradling
>>> Senior Research & Development Scientist
>>> COMODO - Creating Trust Online
>>> Office Tel: +44.(0)1274.730505
>>> Office Fax: +44.(0)1274.730909
>>> www.comodo.com
>>>
>>> COMODO CA Limited, Registered in England No. 04058690
>>> Registered Office:
>>>    3rd Floor, 26 Office Village, Exchange Quay,
>>>    Trafford Road, Salford, Manchester M5 3EQ
>>>
>>> This e-mail and any files transmitted with it are confidential and
>>> intended
>>> solely for the use of the individual or entity to whom they are
>>> addressed.
>>> If you have received this email in error please notify the sender by
>>> replying to the e-mail containing this attachment. Replies to this email
>>> may
>>> be monitored by COMODO for operational or business reasons. Whilst every
>>> endeavour is taken to ensure that e-mails are free from viruses, no
>>> liability can be accepted and the recipient is requested to use their own
>>> virus checking software.
>>
>>
>
> --
> Rob Stradling
> Senior Research & Development Scientist
> COMODO - Creating Trust Online
> Office Tel: +44.(0)1274.730505
> Office Fax: +44.(0)1274.730909
> www.comodo.com
>
> COMODO CA Limited, Registered in England No. 04058690
> Registered Office:
>   3rd Floor, 26 Office Village, Exchange Quay,
>   Trafford Road, Salford, Manchester M5 3EQ
>
> This e-mail and any files transmitted with it are confidential and intended
> solely for the use of the individual or entity to whom they are addressed.
> If you have received this email in error please notify the sender by
> replying to the e-mail containing this attachment. Replies to this email may
> be monitored by COMODO for operational or business reasons. Whilst every
> endeavour is taken to ensure that e-mails are free from viruses, no
> liability can be accepted and the recipient is requested to use their own
> virus checking software.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to