Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-06 Thread Thomas D.
Hi,

Michael Orlitzky wrote:
>> If you are aware about any other known attacks, please share.
>
> Replay attacks, mentioned in the RFC (or Google). These could be
> mitigated, but no one has bothered.

The OCSP response is signed. The signature contains a time stamp. If your clock is right, replay

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-06 Thread Michael Orlitzky
On 11/06/2013 02:11 PM, Thomas D. wrote:
>
> This is going OT but I cannot leave this statement uncommented,
> because from my knowledge this is wrong/you are hiding important
> information everyone should know about:

I figure everyone here is smart

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-06 Thread Thomas D.
Hi,

mingdao wrote:
> Now, if any one of us turned off OCSP as Michael suggested, what should one do
> after turning it back on? Could there now be certificates trusted there which
> should not be?

Well, only your current browser session can be affected. For Firefox: History -> Clear Recent His

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-06 Thread mingdao
On Wed, Nov 06, 2013 at 08:11:52PM +0100, Thomas D. wrote:
> Hi,
>
> Michael Orlitzky wrote:
> > You should disable OCSP anyway. In Firefox, it's under,
> >
> > Edit -> Preferences -> Advanced -> Encryption -> Validation
> >
> > The OCSP protocol is itself vulnerable to MITM attacks, which

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-06 Thread Thomas D.
Hi,

Michael Orlitzky wrote:
> You should disable OCSP anyway. In Firefox, it's under,
>
> Edit -> Preferences -> Advanced -> Encryption -> Validation
>
> The OCSP protocol is itself vulnerable to MITM attacks, which is cute
> when you consider its purpose.
>
> Moreover, it sends the addres

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-05 Thread Daniel Campbell
On 11/05/2013 10:39 AM, Michael Orlitzky wrote:
> On 11/05/2013 09:49 AM, mingdao wrote:
>>
>> Flameeyes wrote the following blog post concerning this issue:
>>
>> http://blog.flameeyes.eu/2012/10/may-i-have-a-network-connection-please
>>
>> and the link gives me a (Error code: sec_error_ocsp_unkno

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-05 Thread mingdao
On Tue, Nov 05, 2013 at 11:39:10AM -0500, Michael Orlitzky wrote:
>
> You should disable OCSP anyway. In Firefox, it's under,
>
> Edit -> Preferences -> Advanced -> Encryption -> Validation
>
> The OCSP protocol is itself vulnerable to MITM attacks, which is cute
> when you consider its pur

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-05 Thread Michael Orlitzky
On 11/05/2013 09:49 AM, mingdao wrote:
>
> Flameeyes wrote the following blog post concerning this issue:
>
> http://blog.flameeyes.eu/2012/10/may-i-have-a-network-connection-please
>
> and the link gives me a (Error code: sec_error_ocsp_unknown_cert).
>

You should disable OCSP anyway. In Fire

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-05 Thread Tom Wijsman
On Tue, 5 Nov 2013 08:49:15 -0600 mingdao wrote:
> and the link gives me a (Error code: sec_error_ocsp_unknown_cert).

The certificate expired; I guess it'll be fixed soon, as he gets back.

--
With kind regards,
Tom Wijsman (TomWij)
Gentoo Developer
E-mail address : tom...@gentoo.org
GPG Pub

Re: [gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-05 Thread mingdao
On Mon, Nov 04, 2013 at 09:30:07PM -0600, William Hubbs wrote:
> All,
>
> I would like to remind everyone about the tracker for services that are
> misusing "need net" in their OpenRC init scripts [1].
>
> "need net" should be removed from our init scripts, because it is bogus
> and breaks things

[gentoo-dev] friendly reminder wrt net virtual in init scripts

2013-11-04 Thread William Hubbs
All,

I would like to remind everyone about the tracker for services that are misusing "need net" in their OpenRC init scripts [1].

"need net" should be removed from our init scripts, because it is bogus and breaks things. I also question the value of "use net", because the same thinking applies,