[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lists] Re: [Full-Disclosure] Administrivia: List Compromised dueto MailmanVulnerability

To: "Curt Purdy" <purdy@xxxxxxxxxx>
To: "'Anders Langworthy'" <hades@xxxxxxxxxxxxxxxx>
To: Valdis.Kletnieks@xxxxxx
Subject: Re: [lists] Re: [Full-Disclosure] Administrivia: List Compromised dueto MailmanVulnerability
From: "Jason Coombs" <jasonc@xxxxxxxxxxx>
Date: Sun, 13 Feb 2005 19:24:30 +0000 GMT

Valid ... Invalid ... Nonsense.

The only meaningful thing the engine could do is check whether the certificate 
is the certificate it is supposed to be by looking at the public key contained 
therein.

A public key that has never before been seen in the real world, by anyone, 
anywhere, is a threat until proved otherwise. A public key that we have never 
seen before should not be trusted automatically, even if somebody else has 
encountered it in the past.

No change of public key should be allowed without human intervention to 
rationalize the legitimacy of the change. Automated 'Valid' / 'Invalid' 
determinations are absurd where there is a different public key that was 
trusted instead for the same entity in the past.

We need systems that warn us of key changes and give us the opportunity to pick 
up the phone or walk down the hall and find out why the entity we trust was 
forced to abandon a perfectly good key pair in favor of another.

Regards,

Jason Coombs
jasonc@xxxxxxxxxxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: Re: [Full-Disclosure] Credit Card data disclosure in CitrusDB
Next by Date: [Full-Disclosure] [ GLSA 200502-16 ] ht://Dig: Cross-site scripting vulnerability
Previous by thread: [Full-Disclosure] [gentoo-announce] [ GLSA 200502-14 ] mod_python: Publisher Handler vulnerability
Next by thread: [Full-Disclosure] [ GLSA 200502-16 ] ht://Dig: Cross-site scripting vulnerability
Index(es):
- Date
- Thread