[tor-talk] [cryptography] The Heartbleed Bug is a serious vulnerability in OpenSSL
Georgi Guninski
guninski at guninski.com
Sun Apr 13 09:23:52 PDT 2014
On Fri, Apr 11, 2014 at 07:02:53PM -0400, grarpamp wrote:
> On Fri, Apr 11, 2014 at 10:43 AM, rysiek <rysiek at hackerspace.pl> wrote:
> > Dnia piÄ…tek, 11 kwietnia 2014 16:32:44 Georgi Guninski pisze:
> >> Is there a significant rise of revoked certs caused
> >> by HB paranoia?
> >
> > No idea, but we're considering revoking ours.
>
> As to ocsp/crl revocation, haven't looked (depending on
> application, getting the cert swapped out is more important
> anyway).
> But those of us who pin down certs instead of trusting CA's
> have been doing quite a bit of reconfiguring this week
> due to upstream certs being swapped out.
Well, g00gle have strange cert policy:
Issuer: C=US, O=Google Inc, CN=Google Internet Authority G2
Validity
Not Before: Apr 2 16:00:48 2014 GMT
Not After : Jul 1 00:00:00 2014 GMT
The visible ASCII structure in the big cert
almost sure comes from the ALT names :(
More information about the cypherpunks
mailing list