On Mon, May 27, 2019 at 06:06:42AM +0300, Ryan Sleevi wrote:
> On Mon, May 27, 2019 at 4:34 AM Matt Palmer via dev-security-policy <
> dev-security-policy@lists.mozilla.org> wrote:
> > That sounds an *awful* lot like Heartbleed: "a [...] proven method that
> > exposes the Subscriber's Private Key t
On Mon, May 27, 2019 at 4:34 AM Matt Palmer via dev-security-policy <
dev-security-policy@lists.mozilla.org> wrote:
> Hi everyone,
>
> In pondering ways of getting yet more keys for pwnedkeys.com, my mind turned
> to everyone's favourite bug, Heartbleed. Whilst hitting all the vulnerable
> serv
On Sun, May 26, 2019 at 06:57:08PM -0700, Han Yuwei via dev-security-policy wrote:
> If malloc() is correctly implemented, private keys are secure from
> Heartbleed. So I think it doesn't meet the criteria.
Just to make sure I'm understanding you correctly, you're saying that being vulnerable
If malloc() is correctly implemented, private keys are secure from Heartbleed.
So I think it doesn't meet the criteria. CAs can't revoke a certificate without
noticing subscriber in advance.
But if any bugs found in future which can retrieve private keys from TLS endpoints,
you can just use au
Hi everyone,
In pondering ways of getting yet more keys for pwnedkeys.com, my mind turned
to everyone's favourite bug, Heartbleed. Whilst hitting all the vulnerable
servers and pulling their keys is eminently possible (see, as just one
example, https://github.com/robertdavidgraham/heartleech), I