Re: [Sks-devel] old certificates
From: Benny Baumann
Subject: Re: [Sks-devel] old certificates
Date: Tue, 29 Apr 2014 18:14:25 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.2.0

Hi,
On 29.04.2014 12:52, Kiss Gabor (Bitman) wrote:
> Dear all,
>
> A quick scan of certificates used by current HKPS pool members
> shows that the following servers have pre-Heartbleed certificates:
>
> a.keyserver.pki.scientia.net Aug 4 15:32:48 2013 GMT
> key.adeti.org Mar 9 12:35:57 2014 GMT
> key.ip6.li Nov 9 14:26:10 2013 GMT
> keys.alderwick.co.uk Feb 7 18:22:08 2014 GMT
> keys.fedoraproject.org Aug 6 08:22:21 2013 GMT
> keys.sflc.info Oct 2 19:57:20 2013 GMT
> keys2.alderwick.co.uk Feb 7 18:22:36 2014 GMT
> keyserver.codinginfinity.com Jan 9 21:24:09 2014 GMT
> keyserver.secretresearchfacility.com Jul 5 00:02:38 2013 GMT
> keyserver.secure-u.de Jan 13 19:18:27 2014 GMT
Will poke the maintainer accordingly, server probably affected AFAIK.
> keyserver.skoopsmedia.net Nov 19 18:24:26 2013 GMT
> keyserver.ut.mephi.ru Nov 13 12:45:02 2013 GMT
> keyserver.witopia.net Nov 7 22:13:57 2013 GMT
> klucze.achjoj.info Nov 13 19:37:55 2013 GMT
> pgpkeys.eu Mar 9 12:48:04 2014 GMT
> sks.fidocon.de Aug 31 11:22:45 2013 GMT
Same person. Same procedure.
> sks.karotte.org Jul 4 21:10:30 2013 GMT
> sks.mrball.net Oct 4 22:02:56 2013 GMT
> sks.undergrid.net Nov 14 17:52:09 2013 GMT
> zimmermann.mayfirst.org Nov 13 20:49:36 2013 GMT
I'm not on the list and if you connect to my server
(pgp.benny-baumann.de) you will find it will talk to you using a HKPS
certificate - but responds to your query with plaintext - which is a known
bug in the wrapper used (mod_gnutls combined with mod_proxy). Thus: My
server is not affected. Once this issue is fixed you'll find the
certificate continuing to be used.
> I bet at least one third of these servers are affected by
> the Heartbleed bug. :-) However I cannot figure out which of them.
> I ask everybody to declare if they did not use a compromised version
> of OpenSSL since the start of the validity period of the certificate.
No affected OpenSSL version in the webserver process.
> Gabor
Regards,
BenBE.
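
The date check behind the quoted scan, as an added example that is not part of the original thread: it reads lines in the scan's `host notBefore` layout, skips interleaved reply text, and lists hosts whose certificate validity starts before Heartbleed's public disclosure. The cutoff of 7 April 2014 (UTC, day granularity), the function names and the `example.org` hosts are assumptions made for this example.

```python
import ssl
from datetime import datetime, timezone

# Assumption: public disclosure date of Heartbleed (CVE-2014-0160), taken as
# midnight UTC. The thread itself does not state the date.
HEARTBLEED_DISCLOSED = datetime(2014, 4, 7, tzinfo=timezone.utc)

# Constructed sample in the same layout as the quoted scan (hosts are made up).
SAMPLE = """\
> a.keys.example.org Aug 4 15:32:48 2013 GMT
> b.keys.example.org Mar 9 12:35:57 2014 GMT
Will poke the maintainer accordingly.
> c.keys.example.org Apr 12 09:00:00 2014 GMT
> d.keys.example.org Apr  7 00:00:00 2014 GMT
"""


def not_before_utc(cert_time):
    """Parse an X.509 time string such as 'Aug 4 15:32:48 2013 GMT'."""
    seconds = ssl.cert_time_to_seconds(cert_time)
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def parse_scan(text):
    """Yield (host, notBefore) pairs; tolerate '>' quoting and prose lines."""
    for line in text.splitlines():
        parts = line.lstrip("> ").split(None, 1)
        if len(parts) != 2:
            continue
        try:
            yield parts[0], not_before_utc(parts[1].strip())
        except ValueError:
            continue  # reply text or anything else that is not a scan line


def pre_heartbleed(text):
    """Hosts whose certificate validity began before the disclosure date.

    An early notBefore only means the key existed during the exposure window.
    Whether it was actually at risk depends on what TLS library served it,
    which is why the scan's author asks each operator to declare that.
    """
    return sorted(h for h, nb in parse_scan(text) if nb < HEARTBLEED_DISCLOSED)


if __name__ == "__main__":
    for host in pre_heartbleed(SAMPLE):
        print(host, "certificate predates disclosure; ask operator")
```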