Allegedly, on or about 08 April 2014, Patrick O'Callaghan sent:
> See also http://heartbleed.com/ and
> http://arstechnica.com/security/2014/04/critical-crypto-bug-in-openssl-opens-two-thirds-of-the-web-to-eavesdropping/

Quoting from the arstechnica link (is that name meant to be funny?), I
find this:

"recovering from the two-year-long vulnerability may also require
revoking any exposed keys, reissuing new keys, and invalidating all
session keys and session cookies"

Years ago I noticed a browser option to check for revoked keys, one that
was always disabled by default on any system I looked at.  Switching it on
caused many sites to fail, because they were badly set up, e.g. my
bank, and many other mainstream sites.

It was an option that I considered ought to be set by default.  I would
have thought that checking for revoked certificates should be a
mandatory step in a secure browsing situation.  I wonder what the
current state of play is with that?

-- 
[tim@localhost ~]$ uname -rsvp
Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64

All mail to my mailbox is automatically deleted, there is no point
trying to privately email me, I will only read messages posted to the
public lists.

George Orwell's '1984' was supposed to be a warning against tyranny, not
a set of instructions for supposedly democratic governments.



-- 
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
