[SSL Observatory] Using observatory data to check CAcert

Ralph Holz ralph at ralphholz.de
Mon Aug 1 03:03:28 PDT 2011


Hi,

>>> I have not checked the CAcert database for the Debian SSL
>>> vulnerability, as that would've been non-trivial. There were scripts
>>> shipped with the SSL Observatory data, but I found them not easy to
>>> use, so I skipped that part. 
>>
>> I would expect EFF to have done that as they did report on the number
>> of PRNG-flawed certificates in either their Defcon or 27C3 talk.
> 
> I trust that cacert has revoked all debian ssl-vulnerable certificates,
> but feel free to check yourself.

Err, I understood you wanted to check for vulnerable certs in the EFF
data. Is that not correct? You did not mention revocation (which
requires a bit more effort, but not much).

Ralph

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/observatory/attachments/20110801/54880195/attachment.sig>


More information about the Observatory mailing list