[Security] Rogue CAs

Jonathan Schleifer js-xmpp-security at webkeks.org
Wed Dec 31 11:42:03 CST 2008

"Eric Rescorla" <ekr at rtfm.com> wrote:

> Firefox 3 does OCSP checks.

Not by default, no. It was either disabled by default or there was a
bug, I don't remember, but it doesn't work as expected by default.

> s/Windows/Linux/. It's not exactly like those operating systems are
> perfect.

As there are many distributions of Linux and most customized theirs, a
worm would be hard.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: not available
Url : http://mail.jabber.org/pipermail/security/attachments/20081231/843386d3/attachment.pgp 

More information about the Security mailing list