[CentOS] was, Re: This doesn't make sense, is the apache update
Warren Young
warren at etr-usa.com
Fri Sep 23 20:14:32 UTC 2011
On 9/23/2011 1:21 PM, m.roth at 5-cent.us wrote:
> The one thing I don't understand is this: AFAIK, apache release not a
> server update, but an update to the certificate chain, yanking Digitar's
> CA.

What, pray tell, are you talking about?

I assume you mean "DigiNotar", the defunct Dutch CA?

What does the complete collapse of a once-trusted CA have to do with
Apache? All this noise about DigiNotar is about bogus server-side
certs, and how they impact browsers and other client-side SSL users. I
have heard nothing about any resulting threat to Apache. The only one I
can conceive is something to do with bogus client-side certs, which
seems pretty unlikely, given how rarely they are used.

Additionally:

- "grep -Ris diginotar /etc/pki" returns nothing. Ditto for "vasco",
  DigiNotar's parent organization. This file you are worried about...it
  apparently lives somewhere else, or does not contain these words?

- Googling "diginotar site:mail-archives.apache.org" also returns
  nothing. So there's a threat to Apache, but no one on any of the Apache
  mailing lists is talking about it?