[CentOS] was, Re: This doesn't make sense, is the apache update
m.roth at 5-cent.us
m.roth at 5-cent.usFri Sep 23 20:21:18 UTC 2011
- Previous message: [CentOS] was, Re: This doesn't make sense, is the apache update
- Next message: [CentOS] was, Re: This doesn't make sense, is the apache update
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Warren Young wrote: > On 9/23/2011 1:21 PM, m.roth at 5-cent.us wrote: >> The one thing I don't understand is this: AFAIK, apache release not a >> server update, but an update to the certificate chain, yanking Digitar's >> CA. > > What, pray tell, are you talking about? > > I assume you mean "DigiNotar", the defunct Dutch CA? Yeah, then. I thought they had several versions of their name, btw. > > What does the complete collapse of a once-trusted CA have to do with > Apache? All this noise about DigiNotar is about bogus server-side > certs, and how they impact browsers and other client-side SSL users. I > have heard nothing about any resulting threat to Apache. The only one I > can conceive is something to do with bogus client-side certs, which > seems pretty unlikely, given how rarely they are used. First, I thought that some websites had a CA on the server side, and I thought I read that apache was pushing out a fix that merely removed the CA from the chain. That you don't have one doesn't necessarily mean that some other release might have one, or that some site installed it. Also, I don't think I've seen the Mozilla update same for browsers, which I'd *really* like to push to everybody on our subnet. mark
- Previous message: [CentOS] was, Re: This doesn't make sense, is the apache update
- Next message: [CentOS] was, Re: This doesn't make sense, is the apache update
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list