Re: [nznog] Message concerning Certs

On 9/04/2014, at 2:47 pm, David Robinson wrote:

Though should only regenerate when your CA has updated their side if they use openssl anywhere in their pipeline

I’m not sure that this is really true - The bug lets you read memory in a process that terminates an SSL connection. If your CA has private key material for certificate signing certificates in a process that’s network addressable, then surely they should be in a different business, no? Please correct me if I’m wrong, maybe I haven’t thought wide enough.

And you also need to revoke your current SSL certificates so they can't be repurposed

On 9 April 2014 13:05, Gerard Creamer wrote:

...

That's what we did - patch then regenerate. Better safe than sorry.

On 9/04/2014 11:47 a.m., Michael Sutton wrote:

NZNOG members:

My apologies but all attempts to send the text content of this PDF this morning have been blackholed until I managed to send the contents to InternetNZ PAG as a PDF which made it through filters which been stopping this content. I have had no problem send other messages etc.

Your comments would be appreciated as I see this as a major issue which may require all certificates to be regenerated and then only used on patched systems whose memory and priv keys cannot read copied by external parties.

Sincerely Michael S Sutton Director - Awacs Communications (NZ) Limited Transit Room The Dominion Observatory 34 Salamanca Road Kelburn Wellington +64 21 305500 Twitter & Skype: Mikiwis http://www.awacs.co.nz https://www.google.co.nz/#q=michael+sutton+nokia+patent http://www.linkedin.com/profile/view?id=16587996&trk=tab_pro

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

-- Netspace Services Limited http://www.netspace.net.nz Phone +64 4 917 8098 Mobile +64 21 246 2266 Level 4, 191 Thorndon Quay, Thorndon PO Box 12-082, Thorndon, Wellington 6004, New Zealand

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog

_______________________________________________ NZNOG mailing list NZNOG(a)list.waikato.ac.nz http://list.waikato.ac.nz/mailman/listinfo/nznog