> From: David Lang [mailto:da...@lang.hm]
>
> This is where I disagree. With heartbleed, any single site could be compromised
> just as easily, the only difference is that the password they got would not get
> them into any other site.

You are still missing the point. Suppose you're a server that I log in to. Suppose you are compromised by heartbleed. Since the most I ever sent you was my public key, there is absolutely no information compromised that would allow the attacker to impersonate me *anywhere*, including the compromised server.

You said "the password they got would not get them into any other site." The things that are wrong with this statement are: 1: They didn't get any password and 2: What they did get (a public key) is insufficient to get them in even at the compromised site. And definitely not anywhere else.

_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
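
The argument in this reply, as an added example that is not part of the original message: a model server records everything it handles during a password login and a public-key challenge-response login, then each recorded value is tried against the same server. The `Server` class, the sample password and the toy textbook RSA (no padding, fixed Mersenne primes) are assumptions made for illustration and stand in for a real key-based login protocol.

```python
import hashlib, secrets

# Toy textbook RSA (no padding) from two Mersenne primes: illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                      # public key: all the server stores
D = pow(E, -1, (P - 1) * (Q - 1))        # private key: never leaves the client
STORED_HASH = hashlib.sha256(b"hunter2").digest()   # constructed sample password

def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(msg: bytes) -> int:             # runs on the client only
    return pow(digest(msg), D, N)

def verify(msg: bytes, sig: int) -> bool:   # server side, needs only (N, E)
    return pow(sig, E, N) == digest(msg)

class Server:
    """Hypothetical model: `memory` is whatever a memory-disclosure bug exposes."""
    def __init__(self):
        self.memory, self.challenge = [], None

    def password_login(self, password: bytes) -> bool:
        self.memory.append(password)     # the secret itself passes through memory
        return hashlib.sha256(password).digest() == STORED_HASH

    def new_challenge(self) -> bytes:
        self.challenge = secrets.token_bytes(32)
        self.memory.append(self.challenge)
        return self.challenge

    def pubkey_login(self, sig: int) -> bool:
        self.memory.append(sig)
        ok = self.challenge is not None and verify(self.challenge, sig)
        self.challenge = None            # each challenge is single use
        return ok

def demo():
    srv = Server()
    assert srv.password_login(b"hunter2")                 # legitimate logins
    assert srv.pubkey_login(sign(srv.new_challenge()))
    leaked = list(srv.memory)            # everything the server ever held
    pw_replay = any(isinstance(x, bytes) and srv.password_login(x) for x in leaked)
    key_replay = any(srv.new_challenge() and srv.pubkey_login(x)
                     for x in leaked if isinstance(x, int))
    return pw_replay, key_replay

if __name__ == "__main__":
    print(demo())
```

`demo()` returns whether a recorded value was accepted again for the password login and for the key login, in that order.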