If only cert revocation was as easy as updating an entry in DNS.
@WatsonLadd @dakami @gdbassett Still too much to download. And attacker can block the download. CRLs are dead. Working on a better solution.
-
-
@BRIAN_____@WatsonLadd@dakami Reality is in a few months maybe orgs will have patched openSSL but most will never revoke/regen most keys. -
@gdbassett@BRIAN_____@WatsonLadd ...I don't know, now. Reality is they didn't patch into vuln and they're not patching out. Maybe. -
@dakami@BRIAN_____@WatsonLadd security through apathy? -
@gdbassett@BRIAN_____@WatsonLadd possible. It's the difference between punditry and polls...
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.