Date: Mon, 22 Jun 2015 15:37:23 +0100
From: Tim Brown <tmb@...35.com>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Validating OCSP response signatures

Hi,

Do we consider failing (by policy) to validate the signature of OCSP responses to be a vulnerability? I did nudge SMC on Twitter but he was reticent to give a definitive view? Affects open and closed source code bases.

Tim
--
Tim Brown
<mailto:tmb@...35.com>