Open Source and information security mailing list archives
 
From: purdy at tecman.com (Curt Purdy)
Subject: [lists] Re: Administrivia: List Compromised due to Mailman Vulnerability

Anders Langworthy wrote:
> Valdis.Kletnieks@...edu wrote:
> > Unless we have a Schrodinger's Cat John who manifests itself twice, 
> > once saying "Yup" and once saying "Oh shit!". :)
> > 
> 
> Hehe.  Technically it doesn't work that way.  At this very 
> moment, the certificate can be both valid and invalid.  
> However, once we query John about his state (akin to opening 
> the bag and checking up on the Cat) and he produces an 
> answer, the wave function that is John's SSL Certificate has 
> collapsed.  At that point, the certificate can either be 
> valid or invalid, but not both. 
<snip>

Actually it can be both.  Unlike in the real world of physics, the unreal
world of the Internet has morphed perceptions.  And since in the real world
dualities cannot exist, this must be quantified.  Which is the reason the
engine should not just check if the certificate is valid, but should also
check if it is invalid. If so, it must then be rejected.

Curt Purdy CISSP, GSEC, CNE, MCSE+I, CCDA 
Information Security Engineer 
DP Solutions 

-----------------------------

If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke


