[nSLUG] GnuTLS certificate bug and Apple certificate bug
George N. White III
gnwiii at gmail.com
Tue Mar 18 12:04:20 ADT 2014
On Tue, Mar 18, 2014 at 10:47 AM, Gerald Ruderman <linux at zdoit.airpost.net> wrote:
> My conclusion in the case of the GnuTLS and Apple certificate bugs is
> that there was no test to see that an invalid certificate was rejected.
> Would such a test have caught these bugs?
There are multiple reasons to reject a certificate, so a comprehensive test
The problem is that crooks are testing more carefully than the authors and
(there is a lot to be gained from exploiting a bug for espionage or profit,
time and effort needed to report security bugs without making things worse
them on a public forum or bugzilla).
The certificate system is on a par with airport security checks -- necessary to keep
people using planes and online commerce, but they only keep out inept bad
George N. White III <aa056 at chebucto.ns.ca>
Head of St. Margarets Bay, Nova Scotia
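
The kind of negative test asked about in this message, with one case per rejection reason, could look like the following. This is an added example, not part of the original post and not GnuTLS or Apple code: it uses Go's crypto/x509 as the verifier under test, and the host names, clock and helper names (issue, results) are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var now = time.Date(2014, 3, 18, 12, 0, 0, 0, time.UTC) // constructed test clock
// issue makes a throwaway certificate; a nil parent yields a self-signed CA.
func issue(name string, notAfter time.Time, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: now.AddDate(-1, 0, 0), NotAfter: notAfter, BasicConstraintsValid: true}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, pkey = true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pkey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// results runs a positive control plus one case per rejection reason.
func results() map[string]string {
	const host = "www.example.test" // constructed name
	ca, caKey := issue("ca.example.test", now.AddDate(5, 0, 0), nil, nil)
	good, _ := issue(host, now.AddDate(1, 0, 0), ca, caKey)
	stale, _ := issue(host, now.AddDate(0, 0, -1), ca, caKey)
	selfSigned, _ := issue(host, now.AddDate(1, 0, 0), nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(ca) // the only trusted root
	check := func(c *x509.Certificate, name string) string {
		_, err := c.Verify(x509.VerifyOptions{Roots: roots, DNSName: name, CurrentTime: now})
		return fmt.Sprintf("%T", err) // "<nil>" means the certificate was accepted
	}
	return map[string]string{
		"valid":          check(good, host),
		"expired":        check(stale, host),
		"wrong hostname": check(good, "other.example.test"),
		"self-signed":    check(selfSigned, host),
	}
}
func main() { fmt.Println(results()) }
```

The positive control matters as much as the negative cases: a verifier that rejects everything would pass the three rejection checks on its own.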