OK so some examples do exist. But really what proportion of real world compromises do not involve something bone headed like using a 512 bit key for DKIM signatures?
What I am saying here is not 'don't do CT', I am saying that we have to make the ease of administration a high priority in the design. On Thu, Nov 1, 2012 at 3:52 PM, Ben Laurie <b...@google.com> wrote: > On 1 November 2012 18:38, Phillip Hallam-Baker <hal...@gmail.com> wrote: > > Again, does it appear so subtle after it has been discovered? > > Well, I find I have to remind myself how it works. So ... yeah. > > Also, I assumed Bliechanbacher was the exponent 3 thing, which was > also pretty subtle. > > > > > Would the flaw have been discovered sooner if there was not so much dead > > code? > > I don't think dead code had any influence on either of these. > > > > > > > On Thu, Nov 1, 2012 at 2:35 PM, Ben Laurie <b...@google.com> wrote: > >> > >> On 1 November 2012 18:00, Stephen Farrell <stephen.farr...@cs.tcd.ie> > >> wrote: > >> > > >> > > >> > On 11/01/2012 05:22 PM, Phillip Hallam-Baker wrote: > >> >> Having worked in Web security over 20 years now, I have still to see > a > >> >> case > >> >> where a system was breached because of a really subtle design flaw. > >> > > >> > Bleichenbacher? > >> > >> TLS renegotiation? > >> > >> > > >> > S. > >> > _______________________________________________ > >> > therightkey mailing list > >> > therightkey@ietf.org > >> > https://www.ietf.org/mailman/listinfo/therightkey > > > > > > > > > > -- > > Website: http://hallambaker.com/ > > > -- Website: http://hallambaker.com/
_______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey