On May 16, 2006, at 11:05 AM, Mark O'Neill wrote:
I have put it forward to Dave that r3 should not only fix the issue, but should change the algorithm such that classes encrypted from r3 should not be importable into r1 or r2. Extreme, perhaps, but desperate times call for desperate measures.
This is exactly what is needed. It is not extreme considering that the vulnerability was made public (not that I blame you).
Just like if your product serial numbers were posted on the internet or, even worse, the algorithm or serial generator was posted, you would invalidate the public serial numbers and probably start working on a new serial number algorithm/system.
