Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-06-06 Thread Andrew McGlashan
On 1/06/2014 5:13 AM, Andrew McGlashan wrote: > The OCSP server not found issue is rare, in the past the /main/ CA's got > together to discuss the OCSP issue and they create CDN's to deal with > issues like not being able to connect the OCSP server. The page that > was linked from /google's/ pov

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-06-04 Thread Listeiro 037
There is a bug with Chromium in the Wikipedia Edit/Change page. It does not change or exit the edited Wikipedia page. There is a "deadlock" (?) in my five Chromium windows and more than 50 open pages. Please help me talk to them. Thanks and I hope that helps. (Sorry for this ugly English, I'm not native speak

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Andrew McGlashan
On 1/06/2014 7:07 AM, Michael Gilbert wrote: > That's an incredibly difficult political, rather than technical > problem. It's up to the entire ecosystem to move toward short-lived > certificates, and that isn't happening any time soon. All other > existing solutions are simply "security theater"

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Kurt Roeckx
On Sat, May 31, 2014 at 05:28:59PM +0200, Kurt Roeckx wrote: > I've just updated the chroots. But there is reason to be > concerned that it was built against when there were some > older packages installed. That should have said "no reason". Kurt

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Michael Gilbert
On Sat, May 31, 2014 at 3:13 PM, Andrew McGlashan wrote: > Google did have OCSP, but they deliberately removed it recently. > > FWIW, Steve Gibson has a very good take on all of this. > > The OCSP server not found issue is rare, in the past the /main/ CA's got > together to discuss the OCSP issue a

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Andrew McGlashan
On 1/06/2014 4:35 AM, Michael Gilbert wrote: > On Sat, May 31, 2014 at 1:46 PM, Andrew McGlashan wrote: >> We may see certificate stapling as an answer, but that won't be enough >> if it cannot be certified to /require/ stapling in the cert itself. >> There may be other solutions in time. >> >> You

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Michael Gilbert
On Sat, May 31, 2014 at 1:46 PM, Andrew McGlashan wrote: > We may see certificate stapling as an answer, but that won't be enough > if it cannot be certified to /require/ stapling in the cert itself. > There may be other solutions in time. > > You are right in saying that the whole certificate revo

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Kurt Roeckx
On Sun, Jun 01, 2014 at 03:46:35AM +1000, Andrew McGlashan wrote: > We may see certificate stapling as an answer, but that won't be enough > if it cannot be certified to /require/ stapling in the cert itself. I've mailed the TLS workgroup about this very issue but didn't get any reply. Kurt

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Andrew McGlashan
On 1/06/2014 12:31 AM, Michael Gilbert wrote: > On Sat, May 31, 2014 at 7:44 AM, Andrew McGlashan wrote: >> Does Chromium suffer from the Google decision to make use of OCSP >> impossible? Therefore, an untrustworthy browser. > > Basically, the answer is the design of certificate revocation is >

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Kurt Roeckx
On Sat, May 31, 2014 at 12:26:45PM -0400, Michael Gilbert wrote: > On Sat, May 31, 2014 at 12:19 PM, Kurt Roeckx wrote: > > This is a manual, I currently see no need to automate it. > > Does buildd.debian.org provide any information about the up to > dateness of its chroots? If this kind of infor

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Michael Gilbert
On Sat, May 31, 2014 at 12:19 PM, Kurt Roeckx wrote: > This is a manual, I currently see no need to automate it. Does buildd.debian.org provide any information about the up to dateness of its chroots? If this kind of information were available, it would help to determine whether a request for upd

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Kurt Roeckx
On Sat, May 31, 2014 at 11:53:23AM -0400, Michael Gilbert wrote: > On Sat, May 31, 2014 at 11:28 AM, Kurt Roeckx wrote: > >> It could be nice if the stable buildds were kept more up to date. > >> I've CC'd am...@buildd.debian.org to get their opinion on that. > > > > I've just updated the chroots.

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Michael Gilbert
On Sat, May 31, 2014 at 11:28 AM, Kurt Roeckx wrote: >> It could be nice if the stable buildds were kept more up to date. >> I've CC'd am...@buildd.debian.org to get their opinion on that. > > I've just updated the chroots. But there is reason to be > concerned that it was built against when there

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Kurt Roeckx
On Sat, May 31, 2014 at 10:25:28AM -0400, Michael Gilbert wrote: > On Sat, May 31, 2014 at 5:27 AM, Georgi Naplatanov wrote: > > When I choose "About Chromium" menu item it says: > > > > Version 35.0.1916.114 Built on Debian 7.1, running on Debian 7.5 (270117) > > > > Is that true that package for

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Georgi Naplatanov
On 05/31/2014 05:25 PM, Michael Gilbert wrote: > On Sat, May 31, 2014 at 5:27 AM, Georgi Naplatanov wrote: >> When I choose "About Chromium" menu item it says: >> >> Version 35.0.1916.114 Built on Debian 7.1, running on Debian 7.5 (270117) >> >> Is that true that package for AMD64 is built on Debia

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Michael Gilbert
On Sat, May 31, 2014 at 7:44 AM, Andrew McGlashan wrote: > Does Chromium suffer from the Google decision to make use of OCSP > impossible? Therefore, an untrustworthy browser. Basically, the answer is the design of certificate revocation is fundamentally flawed, and Google have their own security

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Michael Gilbert
On Sat, May 31, 2014 at 5:27 AM, Georgi Naplatanov wrote: > When I choose "About Chromium" menu item it says: > > Version 35.0.1916.114 Built on Debian 7.1, running on Debian 7.5 (270117) > > Is that true that package for AMD64 is built on Debian 7.1? > If yes, is using of this package secure? Yes

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Andrew McGlashan
On 31/05/2014 7:27 PM, Georgi Naplatanov wrote: > On 05/31/2014 10:27 AM, Michael Gilbert wrote: >> - > Debian Security Advisory DSA-2939-1 secur...@debian.org >> http://www.debian.org/security/

Re: [SECURITY] [DSA 2939-1] chromium-browser security update

2014-05-31 Thread Georgi Naplatanov
On 05/31/2014 10:27 AM, Michael Gilbert wrote: > - > > Debian Security Advisory DSA-2939-1 secur...@debian.org > http://www.debian.org/security/ Michael > Gilbert May 31, 2014 > http