oss-sec mailing list archives
Validating OCSP response signatures
From: Tim Brown <tmb () 65535 com>
Date: Mon, 22 Jun 2015 15:37:23 +0100
Hi, Do we consider failing (by policy) to validate the signature of OCSP responses to be a vulnerability? I did nudge SMC on Twitter but he was reticent to give a definitive view? Affects open and closed source code bases. Tim -- Tim Brown <mailto:tmb () 65535 com>
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Validating OCSP response signatures Tim Brown (Jun 22)
- Re: Validating OCSP response signatures cve-assign (Jun 25)