[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] "quality" of keyservers offering hkps

From: Gabor Kiss
Subject: Re: [Sks-devel] "quality" of keyservers offering hkps
Date: Thu, 14 Aug 2014 06:15:38 +0200 (CEST)
User-agent: Alpine 2.02 (DEB 1266 2009-07-14)

> In case of the last remaining 7 servers (= every 5th server) the test
> showed an exploit opportunity related to CVE-2014-0224 [4], which can
> be eliminated by simply updating the OpenSSL package on these systems.
> As I'm not that much deep in the topic I'm not sure about the impact
> of this issue on the security of hkps connections. Perhaps anyone can

_Every_ SSL encrypted traffic of these servers can be decoded by
an eavesdropper after silently eliciting the secret key.

> give an advise here. Could this be a threat and should be also checked
> before including servers to the hkps pool?

Definitely yes.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]