Re: [nznog] [PAG] Message concerning Certs

A CA who isn't communicating what they have done to address this issue with their customers today needs to be in a different business as well. On Wednesday, April 9, 2014, Nathan Ward wrote:

On 9/04/2014, at 2:47 pm, David Robinson javascript:;> wrote:

...

Though should only regenerate when your CA has updated their side if they use openssl anywhere in their pipeline

I'm not sure that this is really true - The bug lets you read memory in a process that terminates an SSL connection. If your CA has private key material for certificate signing certificates in a process that's network addressable, then surely they should be in a different business, no?

Please correct me if I'm wrong, maybe I haven't thought wide enough.

...

And you also need to revoke your current SSL certificates so they can't be repurposed

On 9 April 2014 13:05, Gerard Creamer javascript:;> wrote:

...

That's what we did - patch then regenerate. Better safe than sorry.

On 9/04/2014 11:47 a.m., Michael Sutton wrote:

NZNOG members:

My apologies but all attempts to send the text content of this PDF this morning have been blackholed until I managed to send the contents to InternetNZ PAG as a PDF which made it through filters which been

...

this content. I have had no problem send other messages etc.

Your comments would be appreciated as I see this as a major issue which may require all certificates to be regenerated and then only used on patched systems whose memory and priv keys cannot read copied by external

stopping parties.

...

Sincerely Michael S Sutton Director - Awacs Communications (NZ) Limited Transit Room The Dominion Observatory 34 Salamanca Road Kelburn Wellington +64 21 305500 Twitter & Skype: Mikiwis http://www.awacs.co.nz https://www.google.co.nz/#q=michael+sutton+nokia+patent http://www.linkedin.com/profile/view?id=16587996&trk=tab_pro

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz javascript:; http://list.waikato.ac.nz/mailman/listinfo/nznog

-- Netspace Services Limited http://www.netspace.net.nz Phone +64 4 917 8098 Mobile +64 21 246 2266 Level 4, 191 Thorndon Quay, Thorndon PO Box 12-082, Thorndon, Wellington 6004, New Zealand

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz javascript:; http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz javascript:; http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz javascript:; http://list.waikato.ac.nz/mailman/listinfo/nznog