On Sat, 2013-12-21 at 17:14 -0700, T.C. Hollingsworth wrote:

> 
> > And what about our certificates?  Are they more or less useless now?
> 
> There are no vulnerabilities related to X.509 certificates generated
> by OpenSSL (on Fedora or otherwise) that I am aware of.

The big vulnerability in the whole certificate authentication system is
not the certs themselves or the crypto based on them. It's the security
of the certificate authorities. There have been several well-publicized
incidents recently where CAs have been hacked and had certs stolen,
which allowed attackers to play man-in-the-middle (snooping on encrypted
connections) or put up fake certs to lure users to bogus web sites which
will check out as legit in the browsers. 

This of course does not apply to certs you generate yourself with
openssl, but CA-signed certs are more common on the net.

--Greg

