Re: Does Heartbleed count for the purposes of BR 4.9.11 point 11? ("proven or demonstrated method")

2019-05-27 Thread Ryan Sleevi via dev-security-policy
On Monday, May 27, 2019, Matt Palmer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> On Mon, May 27, 2019 at 06:06:42AM +0300, Ryan Sleevi wrote:
> > On Mon, May 27, 2019 at 4:34 AM Matt Palmer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:

Re: Does Heartbleed count for the purposes of BR 4.9.11 point 11? ("proven or demonstrated method")

2019-05-26 Thread Matt Palmer via dev-security-policy
On Mon, May 27, 2019 at 06:06:42AM +0300, Ryan Sleevi wrote:
> On Mon, May 27, 2019 at 4:34 AM Matt Palmer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> > That sounds an *awful* lot like Heartbleed: "a [...] proven method that exposes the Subscriber's Private Key

Re: Does Heartbleed count for the purposes of BR 4.9.11 point 11? ("proven or demonstrated method")

2019-05-26 Thread Ryan Sleevi via dev-security-policy
On Mon, May 27, 2019 at 4:34 AM Matt Palmer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> Hi everyone,
>
> In pondering ways of getting yet more keys for pwnedkeys.com, my mind turned to everyone's favourite bug, Heartbleed. Whilst hitting all the vulnerable

Re: Does Heartbleed count for the purposes of BR 4.9.11 point 11? ("proven or demonstrated method")

2019-05-26 Thread Han Yuwei via dev-security-policy
If malloc() is correctly implemented, private keys are secure from Heartbleed. So I think it doesn't meet the criteria. CAs can't revoke a certificate without notifying the subscriber in advance. But if any bugs are found in the future which can retrieve private keys from TLS endpoints, you can just use