[43455] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

Re: A note on vendor reaction speed to the e=3 problem

daemon@ATHENA.MIT.EDU (David Shaw)
Fri Sep 15 13:13:13 2006

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Fri, 15 Sep 2006 09:48:16 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
In-Reply-To: <E1GO9O7-0000na-00@medusa01.cs.auckland.ac.nz>

On Fri, Sep 15, 2006 at 08:49:31PM +1200, Peter Gutmann wrote:

> When I fired up Firefox a few minutes ago it told me that there was
> a new update available to fix security problems.  I thought, "Hmm, I
> wonder what that would be...".  It's interesting to note that we now
> have fixes for many of the OSS crypto apps (OpenSSL, gpg, Firefox

GPG was not vulnerable, so no fix was issued.  Incidentally, GPG does
not attempt to parse the PKCS/ASN.1 data at all.  Instead, it
generates a new structure during signature verification and compares
it to the original.

David

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post