|
From: | Gabor Kiss |
Subject: | Re: [Sks-devel] "quality" of keyservers offering hkps |
Date: | Thu, 14 Aug 2014 06:15:38 +0200 (CEST) |
User-agent: | Alpine 2.02 (DEB 1266 2009-07-14) |
> In case of the last remaining 7 servers (= every 5th server) the test > showed an exploit opportunity related to CVE-2014-0224 [4], which can > be eliminated by simply updating the OpenSSL package on these systems. > As I'm not that much deep in the topic I'm not sure about the impact > of this issue on the security of hkps connections. Perhaps anyone can _Every_ SSL encrypted traffic of these servers can be decoded by an eavesdropper after silently eliciting the secret key. > give an advise here. Could this be a threat and should be also checked > before including servers to the hkps pool? Definitely yes. Gabor
[Prev in Thread] | Current Thread | [Next in Thread] |