OK so some examples do exist. But really what proportion of real-world
compromises do not involve something bone-headed like using a 512-bit key
for DKIM signatures?

What I am saying here is not 'don't do CT', I am saying that we have to
make the ease of administration a high priority in the design.


On Thu, Nov 1, 2012 at 3:52 PM, Ben Laurie <b...@google.com> wrote:

> On 1 November 2012 18:38, Phillip Hallam-Baker <hal...@gmail.com> wrote:
> > Again, does it appear so subtle after it has been discovered?
>
> Well, I find I have to remind myself how it works. So ... yeah.
>
> Also, I assumed Bleichenbacher was the exponent 3 thing, which was
> also pretty subtle.
>
> >
> > Would the flaw have been discovered sooner if there was not so much dead
> > code?
>
> I don't think dead code had any influence on either of these.
>
> >
> >
> > On Thu, Nov 1, 2012 at 2:35 PM, Ben Laurie <b...@google.com> wrote:
> >>
> >> On 1 November 2012 18:00, Stephen Farrell <stephen.farr...@cs.tcd.ie>
> >> wrote:
> >> >
> >> >
> >> > On 11/01/2012 05:22 PM, Phillip Hallam-Baker wrote:
> >> >> Having worked in Web security over 20 years now, I have still to see a case
> >> >> where a system was breached because of a really subtle design flaw.
> >> >
> >> > Bleichenbacher?
> >>
> >> TLS renegotiation?
> >>
> >> >
> >> > S.
> >> > _______________________________________________
> >> > therightkey mailing list
> >> > therightkey@ietf.org
> >> > https://www.ietf.org/mailman/listinfo/therightkey
> >
> > --
> > Website: http://hallambaker.com/
>

-- 
Website: http://hallambaker.com/
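The 512-bit DKIM key mentioned at the top of this message is the kind of misconfiguration a defender can catch by decoding the p= value of the domain's DKIM TXT record and measuring the RSA modulus; the following Python is an added example, not code from this thread or from any of its participants, and its two sample records are constructed with synthetic moduli (placeholders, not real keys). RFC 8301 sets the floor at 1024 bits, which is the default threshold used here.

```python
import base64
import re
# Minimal DER helpers, enough to build and parse an RSA SubjectPublicKeyInfo.
def _der_len(n):
    if n < 128:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def _der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body

def _der_uint(v):  # INTEGER with a leading 0x00 whenever the top bit would be set
    return _der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))

def rsa_spki(n, e):
    # SEQUENCE { SEQUENCE { OID rsaEncryption, NULL }, BIT STRING { SEQUENCE { n, e } } }
    alg = _der(0x30, bytes.fromhex("06092a864886f70d0101010500"))
    return _der(0x30, alg + _der(0x03, b"\x00" + _der(0x30, _der_uint(n) + _der_uint(e))))

def _tlv(buf, pos=0):  # (tag, value, next_pos) of the DER element at pos
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:  # long-form length
        nb = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + nb], "big"), pos + nb
    return tag, buf[pos:pos + ln], pos + ln

def rsa_modulus_bits(spki):
    _, body, _ = _tlv(spki)          # outer SEQUENCE
    _, _, pos = _tlv(body)           # AlgorithmIdentifier, skipped
    tag, bits, _ = _tlv(body, pos)   # BIT STRING wrapping RSAPublicKey
    if tag != 0x03:
        raise ValueError("expected BIT STRING")
    _, rsapub, _ = _tlv(bits[1:])    # drop unused-bits byte, read SEQUENCE
    _, n_bytes, _ = _tlv(rsapub)     # first INTEGER is the modulus
    return int.from_bytes(n_bytes, "big").bit_length()

def dkim_key_bits(txt):  # modulus bits of the p= key; None if the record is not an RSA key
    tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
    if tags.get("k", "rsa").strip() != "rsa" or not tags.get("p"):
        return None
    return rsa_modulus_bits(base64.b64decode(re.sub(r"\s+", "", tags["p"])))

def is_weak_dkim_key(txt, minimum=1024):  # RFC 8301 floor is 1024 bits
    bits = dkim_key_bits(txt)
    return bits is not None and bits < minimum

# Constructed sample records with synthetic moduli (placeholders, not real keys)
WEAK_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(rsa_spki((1 << 511) | 0x1234567, 65537)).decode()
OK_RECORD = "v=DKIM1; k=rsa; p=" + base64.b64encode(rsa_spki((1 << 2047) | 0x1234567, 65537)).decode()
```

In practice the TXT string comes from a DNS lookup of `<selector>._domainkey.<domain>`; long records are often split into several quoted strings, which is why the whitespace inside p= is stripped before decoding.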