By default, pollinate trusts only the cert chain shipped in the packaging, so the CA tampering you describe cannot happen I believe? This is in the FAQ.
> which allows an adversary to taint the entropy pool >From Dustin's original presentation, "tainting the entropy pool" isn't a thing (cryptographically speaking) as I understand it. An attacker can DoS you acquire entropy, but cannot make your entropy pool worse by supplying "fake entropy". This is in the FAQ. See the FAQ at http://blog.dustinkirkland.com/2014/02/random-seeds-in- ubuntu-1404-lts-cloud.html -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1634346 Title: https://entropy.ubuntu.com lacks Perfect Forward Secrecy (PFS) and has certificate chain issues To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/pollen/+bug/1634346/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
