Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-06 Thread Thomas D.
Hi, Michael Orlitzky wrote: You should disable OCSP anyway. In Firefox, it's under, Edit - Preferences - Advanced - Encryption - Validation The OCSP protocol is itself vulnerable to MITM attacks, which is cute when you consider its purpose. Moreover, it sends the address of every

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-06 Thread mingdao
On Wed, Nov 06, 2013 at 08:11:52PM +0100, Thomas D. wrote: Hi, Michael Orlitzky wrote: You should disable OCSP anyway. In Firefox, it's under, Edit - Preferences - Advanced - Encryption - Validation The OCSP protocol is itself vulnerable to MITM attacks, which is cute when

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-06 Thread Thomas D.
Hi, mingdao wrote: Now, if any one of us turned off OCSP as Michael suggested, what should one do after turning it back on? Could there now be certificates trusted there which should not be? Well, only your current browser session can be affected. For Firefox: History - Clear Recent

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-06 Thread Michael Orlitzky
On 11/06/2013 02:11 PM, Thomas D. wrote: This is going OT but I cannot leave this statement uncommented, because from my knowledge this is wrong/you are hiding important information everyone should know about: I figure everyone here is smart

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-06 Thread Thomas D.
Hi, Michael Orlitzky wrote: If you are aware of any other known attacks, please share. Replay attacks, mentioned in the RFC (or Google). These could be mitigated, but no one has bothered. The OCSP response is signed. The signature contains a time stamp. If your clock is right, replay

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-05 Thread mingdao
On Mon, Nov 04, 2013 at 09:30:07PM -0600, William Hubbs wrote: All, I would like to remind everyone about the tracker for services that are misusing need net in their OpenRC init scripts [1]. need net should be removed from our init scripts, because it is bogus and breaks things. I also

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-05 Thread Tom Wijsman
On Tue, 5 Nov 2013 08:49:15 -0600 mingdao gentoo-...@happypenguincomputers.com wrote: and the link gives me a (Error code: sec_error_ocsp_unknown_cert). The certificate expired; I guess it'll be fixed soon, as he gets back. -- With kind regards, Tom Wijsman (TomWij) Gentoo Developer E-mail

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-05 Thread Michael Orlitzky
On 11/05/2013 09:49 AM, mingdao wrote: Flameeyes wrote the following blog post concerning this issue: http://blog.flameeyes.eu/2012/10/may-i-have-a-network-connection-please and the link gives me a (Error code: sec_error_ocsp_unknown_cert). You should disable OCSP anyway. In Firefox,

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-05 Thread mingdao
On Tue, Nov 05, 2013 at 11:39:10AM -0500, Michael Orlitzky wrote: You should disable OCSP anyway. In Firefox, it's under, Edit - Preferences - Advanced - Encryption - Validation The OCSP protocol is itself vulnerable to MITM attacks, which is cute when you consider its purpose.

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-05 Thread Daniel Campbell
On 11/05/2013 10:39 AM, Michael Orlitzky wrote: On 11/05/2013 09:49 AM, mingdao wrote: Flameeyes wrote the following blog post concerning this issue: http://blog.flameeyes.eu/2012/10/may-i-have-a-network-connection-please and the link gives me a (Error code: sec_error_ocsp_unknown_cert).

[gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-04 Thread William Hubbs
All, I would like to remind everyone about the tracker for services that are misusing need net in their OpenRC init scripts [1]. need net should be removed from our init scripts, because it is bogus and breaks things. I also question the value of use net, because the same thinking applies, e.g.