On Wednesday 09 April 2014 23:01:30 Joey Hess wrote:
[...]
> So this is a gamble with not much of a payoff.

The payoff is a certificate that is more likely not to have been 
compromised, and one that is signed by your CA.

> I would be quite happy if Debian came with a way to say:
> "I don't trust any cert created before heartbleed was announced."

Can be done if you hack X509_verify and equivalent functions when they check 
the validity of the certificate. Not that I suggest that I am going to 
implement it or that I would be in favor of such a check. I believe that it 
would be an overreaction.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
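
The policy discussed above can also be applied at the application level instead of inside OpenSSL's X509 verification. The following is an added example, not code from this message or from Debian; the function names are hypothetical and the cutoff of 2014-04-07 (the public Heartbleed disclosure date) is an assumption, since the thread names no date.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption: cutoff is the public Heartbleed disclosure date (2014-04-07 UTC).
HEARTBLEED_CUTOFF = datetime(2014, 4, 7, tzinfo=timezone.utc).timestamp()


def check_issue_date(peercert, cutoff=HEARTBLEED_CUTOFF):
    """Return (ok, reason) for a dict shaped like SSLSocket.getpeercert().

    Fails closed: a missing or unparsable notBefore is treated as untrusted.
    notBefore is asserted by the issuer and says nothing about key age; a
    certificate reissued after the cutoff may still wrap a pre-cutoff key.
    """
    not_before = peercert.get("notBefore") if peercert else None
    if not not_before:
        return False, "no notBefore field"
    try:
        issued = ssl.cert_time_to_seconds(not_before)
    except ValueError:
        return False, "unparsable notBefore: %r" % not_before
    if issued < cutoff:
        return False, "issued before cutoff: %s" % not_before
    return True, "issued on or after cutoff: %s" % not_before


def connect_with_cutoff(host, port=443, cutoff=HEARTBLEED_CUTOFF):
    """Do normal chain and hostname verification, then apply the date policy."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            ok, reason = check_issue_date(tls.getpeercert(), cutoff)
            if not ok:
                raise ssl.SSLError("certificate rejected by date policy: " + reason)
            return tls.version(), reason


# Constructed sample inputs (not real certificates).
SAMPLES = {
    "old": {"notBefore": "Jan 15 00:00:00 2014 GMT"},
    "reissued": {"notBefore": "Apr  9 12:00:00 2014 GMT"},
    "empty": {},
    "garbled": {"notBefore": "not a date"},
}

if __name__ == "__main__":
    for name, cert in SAMPLES.items():
        print(name, check_issue_date(cert))
```

Only the leaf certificate is checked here; intermediates and roots in the chain are left to the normal verification done by the default context.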

