
Re: [Sks-devel] old certificates


From: Benny Baumann
Subject: Re: [Sks-devel] old certificates
Date: Tue, 29 Apr 2014 18:14:25 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

Hi,

On 29.04.2014 12:52, Kiss Gabor (Bitman) wrote:
> Dear all,
>
> A quick scan of certificates used by current HKPS pool members
> shows that the following servers have pre-Heartbleed certificates:
>
> a.keyserver.pki.scientia.net          Aug  4 15:32:48 2013 GMT
> key.adeti.org                         Mar  9 12:35:57 2014 GMT
> key.ip6.li                            Nov  9 14:26:10 2013 GMT
> keys.alderwick.co.uk                  Feb  7 18:22:08 2014 GMT
> keys.fedoraproject.org                Aug  6 08:22:21 2013 GMT
> keys.sflc.info                        Oct  2 19:57:20 2013 GMT
> keys2.alderwick.co.uk                 Feb  7 18:22:36 2014 GMT
> keyserver.codinginfinity.com          Jan  9 21:24:09 2014 GMT
> keyserver.secretresearchfacility.com  Jul  5 00:02:38 2013 GMT
> keyserver.secure-u.de                 Jan 13 19:18:27 2014 GMT
Will poke the maintainer accordingly, server probably affected AFAIK.
> keyserver.skoopsmedia.net             Nov 19 18:24:26 2013 GMT
> keyserver.ut.mephi.ru                 Nov 13 12:45:02 2013 GMT
> keyserver.witopia.net                 Nov  7 22:13:57 2013 GMT
> klucze.achjoj.info                    Nov 13 19:37:55 2013 GMT
> pgpkeys.eu                            Mar  9 12:48:04 2014 GMT
> sks.fidocon.de                        Aug 31 11:22:45 2013 GMT
Same person. Same procedure.
> sks.karotte.org                       Jul  4 21:10:30 2013 GMT
> sks.mrball.net                        Oct  4 22:02:56 2013 GMT
> sks.undergrid.net                     Nov 14 17:52:09 2013 GMT
> zimmermann.mayfirst.org               Nov 13 20:49:36 2013 GMT
I'm not on the list, and if you connect to my server
(pgp.benny-baumann.de) you will find it will talk to you using an HKPS
certificate - but responds to your query with plaintext - which is a known
bug in the wrapper used (mod_gnutls combined with mod_proxy). Thus: My
server is not affected. Once this issue is fixed you'll find the
certificate continues to be used.
> I bet at least one third of these servers are affected by
> the Heartbleed bug. :-) However, I cannot figure out which of them.
> I ask everybody to declare if they did not use a compromised version
> of OpenSSL since the start of the validity period of the certificate.
No affected OpenSSL version in the webserver process.
> Gabor
Regards,
BenBE.

Attachment: signature.asc
Description: OpenPGP digital signature
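
The check behind the quoted scan, as an added example that is not part of either message: it parses "host notBefore" rows in the layout shown above and flags certificates issued before Heartbleed's public disclosure on 7 April 2014. The function names and the `reissued.example.invalid` row are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Public disclosure date of Heartbleed (CVE-2014-0160).
HEARTBLEED_DISCLOSED = datetime(2014, 4, 7, tzinfo=timezone.utc)

# Constructed sample: two rows copied from the quoted list, one made-up host
# with a post-disclosure date, and one junk line the parser must skip.
SAMPLE_SCAN = """\
keys.fedoraproject.org   Aug  6 08:22:21 2013 GMT
pgpkeys.eu               Mar  9 12:48:04 2014 GMT
reissued.example.invalid Apr 15 10:00:00 2014 GMT
this line is not a scan row
"""


def parse_row(line):
    """Split 'host <notBefore>' into (host, aware UTC datetime), or None."""
    parts = line.split(None, 1)
    if len(parts) != 2:
        return None
    host, stamp = parts
    try:
        # Understands OpenSSL's 'Mon DD HH:MM:SS YYYY GMT' date format.
        seconds = ssl.cert_time_to_seconds(stamp.strip())
    except ValueError:
        return None
    return host, datetime.fromtimestamp(seconds, tz=timezone.utc)


def audit(scan_text):
    """Map host -> True when its certificate predates the disclosure.

    True only says the certificate was not reissued afterwards. Whether the
    server ever ran a vulnerable OpenSSL must still be confirmed by its
    operator, which is what the quoted message asks for.
    """
    flagged = {}
    for line in scan_text.splitlines():
        row = parse_row(line)
        if row:
            host, not_before = row
            flagged[host] = not_before < HEARTBLEED_DISCLOSED
    return flagged


if __name__ == "__main__":
    for host, old in sorted(audit(SAMPLE_SCAN).items()):
        print(f"{host:40} {'pre-disclosure' if old else 'reissued'}")
```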

