[nSLUG] GnuTLS certificate bug and Apple certificate bug

George N. White III gnwiii at gmail.com
Tue Mar 18 12:04:20 ADT 2014


On Tue, Mar 18, 2014 at 10:47 AM, Gerald Ruderman <linux at zdoit.airpost.net> wrote:

> My conclusion in the case of the GnuTLS and Apple certificate bugs is
> that there was no test to see that an invalid certificate was rejected.
> Would such a test have caught these bugs?
>

There are multiple reasons to reject a certificate, so a comprehensive test suite is needed.

The problem is that crooks are testing more carefully than the authors and distributions (there is a lot to be gained from exploiting a bug for espionage or profit, but significant time and effort are needed to report security bugs without making things worse by posting them on a public forum or bugzilla).

The certificate system is on a par with airport security checks -- necessary to keep people using planes and online commerce, but they only keep out inept bad guys.

-- 
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia
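Added example, not part of the original message and not code from GnuTLS or Apple: a small test suite of the kind the two messages above are discussing, written against Go's standard-library X.509 verifier. It builds a toy in-memory PKI (all names, such as "Trusted Test CA", "Rogue CA" and "example.test", are made up here) with one certificate that a correct verifier must accept and five that it must reject, each for a single, different reason: untrusted issuer, expired validity, hostname mismatch, corrupted signature, and an end-entity certificate used as an issuer. A verifier that wrongly accepts any of the five, or wrongly rejects the valid one, fails the suite.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// verifyCase is one leaf certificate, its trust context, and whether a correct verifier must accept it.
type verifyCase struct {
	Name, Host           string
	Leaf                 *x509.Certificate
	Roots, Intermediates *x509.CertPool
	WantAccept           bool
}

var serial int64 // serial numbers for the in-memory toy PKI built below (constructed here, not a real CA)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// sign issues tmpl for pub under parent (signed with parentKey) and returns the parsed cert plus its DER.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, parentKey *ecdsa.PrivateKey) (*x509.Certificate, []byte) {
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey))
	return must(x509.ParseCertificate(der)), der
}

func selfSignedCA(name string, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey) {
	serial++
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature}
	key := newKey()
	ca, _ := sign(tmpl, tmpl, &key.PublicKey, key)
	return ca, key
}

// leafTemplate is a server-auth certificate template whose subject and SAN are name.
func leafTemplate(name string, notBefore, notAfter time.Time) *x509.Certificate {
	serial++
	return &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: notBefore, NotAfter: notAfter, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
}

// BuildCases builds a trusted CA, one valid leaf, and five leaves that are each invalid for exactly one reason.
func BuildCases(now time.Time) []verifyCase {
	const host = "example.test"
	leaf := func(name string) *x509.Certificate { return leafTemplate(name, now.Add(-time.Hour), now.Add(time.Hour)) }
	ca, caKey := selfSignedCA("Trusted Test CA", now)
	rogue, rogueKey := selfSignedCA("Rogue CA", now)
	roots, mids := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(ca)
	key := newKey() // one end-entity key is enough; the cases differ in issuer, validity, name and signature
	good, goodDER := sign(leaf(host), ca, &key.PublicKey, caKey)
	untrusted, _ := sign(leaf(host), rogue, &key.PublicKey, rogueKey) // flawless chain, but rooted in an untrusted CA
	expired, _ := sign(leafTemplate(host, now.Add(-2*time.Hour), now.Add(-time.Hour)), ca, &key.PublicKey, caKey)
	wrongName, _ := sign(leaf("other.test"), ca, &key.PublicKey, caKey)

	// Flip the last DER byte, which sits inside the signature value: the result still parses, so only
	// a verifier that really checks the signature will reject it.
	tamperedDER := append([]byte(nil), goodDER...)
	tamperedDER[len(tamperedDER)-1] ^= 0xff
	tampered := must(x509.ParseCertificate(tamperedDER))
	// An end-entity certificate (IsCA=false) presented as the leaf's issuer via the intermediates pool.
	mid, _ := sign(leaf("not-a-ca.test"), ca, &key.PublicKey, caKey)
	mids.AddCert(mid)
	viaNonCA, _ := sign(leaf(host), mid, &key.PublicKey, key)

	return []verifyCase{
		{"valid leaf", host, good, roots, nil, true},
		{"untrusted issuer", host, untrusted, roots, nil, false},
		{"expired", host, expired, roots, nil, false},
		{"hostname mismatch", host, wrongName, roots, nil, false},
		{"corrupted signature", host, tampered, roots, nil, false},
		{"signed by non-CA", host, viaNonCA, roots, mids, false},
	}
}

// Accept runs the standard-library verifier the way a TLS client would and reports its verdict.
func Accept(c verifyCase, now time.Time) bool {
	_, err := c.Leaf.Verify(x509.VerifyOptions{Roots: c.Roots, Intermediates: c.Intermediates, DNSName: c.Host, CurrentTime: now})
	return err == nil
}

func main() {
	now := time.Now()
	for _, c := range BuildCases(now) {
		fmt.Printf("%-20s accepted=%-5v want=%v\n", c.Name, Accept(c, now), c.WantAccept)
	}
}
```

`go run` prints one verdict per case; to audit another library, replace the body of Accept with a call into that library's chain validation and keep the cases. Two points worth keeping in mind when writing such a suite: the positive case is not optional, since a verifier that rejects everything passes every negative case, and this exercises chain validation in isolation, so the same assertions should also be driven through the real TLS client code path, where a bug can sit between the handshake and the verifier.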