Thanks for the informative links! This clears up a lot of the misconceptions. Believe that this service was spotted on the desktop version as well so it may be used not just in cloud services, hence the concern. But I think a lot of this is cleared up. Yes, the PFS would be the only issue if curl is really fully validating the cert chain. Will test that soon. PFS could protect against a web server key compromise and potentially also if TLS session tickets are leaked.
--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1634346

Title:
  https://entropy.ubuntu.com lacks Perfect Forward Secrecy (PFS) and has certificate chain issues

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollen/+bug/1634346/+subscriptions

--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
