Monday, April 21, 2014

PKI is an unsolved problem, revocation especially.

Here is a great article on revocation checking in the wake of the Heartbleed OpenSSL problem. https://www.imperialviolet.org/2014/04/19/revchecking.html

Reading this is helpful in understanding how to cope with Heartbleed, but the real message is that the global PKI is broken at best. Thanks to Adam Langley for writing this up.


(thanks to cnet for the cool graphic)

No comments: