Hi Gerv,

Gervase Markham:
>
> The situation is unusual. Related bugs should be connected with a
> dependency relationship, or duped against each other. I'm not sure why
> that hasn't happened in this situation.
>
> Bugzilla is not a discussion forum, hence the move here.
>

Right! It happened to me on a different bug as well and the discussion was held (perhaps on purpose) at a different bug, which really annoyed me. I and many others were left without the chance to influence in time... But I understand that there isn't some global subscribe option of formula for bugs. [Finish Off-topic]

>> dedicated IP address etc). Therefore we have about another one third
>> which might be still using a weak key. This boils down for very few
>> still affected sites, probably less than 1.66 %.
>>
>
> But 1.66% of 800,000 is still a lot of sites.
>

Yes, indeed.

>
> Because attackers won't bother to exploit the problem until the year has
> passed?
>

No, obviously not, but the scope is limited and the threat diminishes in the foreseeable future. The same threat existed already for some time (with nobody taking responsibility btw).

> Also, won't people just get the same key signed again for another year?
> Or is that not possible?
>

Yes, it's possible. Obviously the number will get really smaller as software gets updated and information spreads and so on.

>
> Crawling the web.
>

OK, good idea! So you have to have quite some resources for such a crawler in order to find all enabled sites and test their public keys in a reasonable amount of time. Perhaps you can buy the list from Netcraft to speed up the process.

> We generate the list from the results of our crawl.
>

We'd certainly cooperate upon results of such a list.

Regards

Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
