oss-sec mailing list archives

Re: Announcing https://github.com/RedHatProductSecurity/Certificates-Shipped/


From: Reed Loden <reed () reedloden com>
Date: Wed, 25 Nov 2015 07:54:08 -0800

Great idea, Kurt.

Is this related to this recent CERT/CC advisory?

http://www.kb.cert.org/vuls/id/566724
http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html

On Tuesday, November 24, 2015, Kurt Seifried <kseifried () redhat com> wrote:

https://github.com/RedHatProductSecurity/Certificates-Shipped/

The idea is to create a comprehensive list of shipped certs/keys/etc by
open source vendors/distributions/projects so that:

1) we have a list of secrets maintained by external parties that we rely
upon
2) we can audit them and make sure we should be trusting them
3) also spot changes more easily (since the existing corpus is available)

