public inbox for cygwin-talk@cygwin.com
From: Warren Young <warren@etr-usa.com>
To: The Vulgar and Unprofessional Cygwin-Talk List <cygwin-talk@cygwin.com>
Subject: Re: Zone alarm, you have failed me for the first time... and the  last.  (BLODA news)
Date: Mon, 20 Jul 2009 21:42:00 -0000
Message-ID: <4A64E479.2000007@etr-usa.com>
In-Reply-To: <4A63E16D.2010503@gmail.com>

Dave Korn wrote:
> Newer versions of ZA don't run on w2k

Is Win2K still running on old time zone data, or did MS finally cave to 
the pressure to release that patch without requiring a $1000 payment?

Anyway, that was enough of a scare for me.  No more Win2K on boxes that 
have to remain patched.  I now use Win2K only to run IE6 in VMs for web 
site testing.  (Could use old XP, but Win2K is more suited to VM use.)

> should I be able to undermine the whole of PKI just by
> winding the clock back on my PC?  Expired should mean expired revoked deleted
> and not available again even if you try IMO ...

Expiration is not the same thing as revocation.

Expiration just means you're delinquent on the Verisign Vig.  The cert 
doesn't stop being useful.  The CA just stops certifying that the holder 
is who he says he is.  A client in possession of such a cert should warn 
you, but let you keep using it.  In your particular case, this means you 
shouldn't have had to set your clock back, as you aren't actually 
hacking anything by doing that.  More like working around a bug.

Revocation means the cert's fingerprint gets put on a CRL, which PKI 
clients are supposed to download and use to reject certs, whether 
expired or no.  This can happen, e.g., because the private key fell into 
the wrong hands.  No one is supposed to trust anything signed by that 
key any more, because we can't trust those who have the key.  The CA 
doesn't get to do this on their own, it's something pushed to the CA on 
behalf of their client.
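
The distinction drawn in the message above, as an added example that is not part of the original post: a small Python model in which the validity window is compared with the verifier's own clock while revocation is a lookup in the CRL, so winding the clock back changes the first verdict but not the second. The `Cert` record, the CRL modelled as a set of serial numbers, the verdict names and all dates are constructed for illustration; the warn-but-allow handling of expiry follows the policy the message describes.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from enum import Enum


class Verdict(Enum):
    ACCEPT = "accept"
    WARN_EXPIRED = "warn: expired, CA no longer vouches for the holder"
    NOT_YET_VALID = "warn: clock is before notBefore"
    REJECT_REVOKED = "reject: listed on the CRL"


@dataclass(frozen=True)
class Cert:  # hypothetical record, not a real X.509 parser
    subject: str
    serial: int
    not_before: datetime
    not_after: datetime


def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)


def assess(cert, revoked_serials, clock):
    """Classify one cert against a CRL and the verifier's own clock."""
    # Revocation is a list lookup: the local clock plays no part in it.
    if cert.serial in revoked_serials:
        return Verdict.REJECT_REVOKED
    # The validity window is compared with whatever time the client believes.
    if clock < cert.not_before:
        return Verdict.NOT_YET_VALID
    if clock > cert.not_after:
        return Verdict.WARN_EXPIRED
    return Verdict.ACCEPT


def rollback_report(certs, revoked_serials, true_now, rolled_back):
    """Map subject -> (verdict at the real time, verdict with the clock wound back)."""
    return {c.subject: (assess(c, revoked_serials, true_now),
                        assess(c, revoked_serials, rolled_back)) for c in certs}


# Constructed sample data.
CERTS = [
    Cert("expired-only", 0x1001, utc(2007, 1, 1), utc(2009, 1, 1)),
    Cert("revoked-current", 0x1002, utc(2008, 1, 1), utc(2010, 1, 1)),
    Cert("revoked-and-expired", 0x1003, utc(2007, 1, 1), utc(2009, 1, 1)),
]
CRL = {0x1002, 0x1003}
REPORT = rollback_report(CERTS, CRL, utc(2009, 7, 20), utc(2008, 6, 1))
```

Only the expired-only certificate changes verdict when the clock is moved; a clock set earlier than `not_before` produces a different warning rather than an accept.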
