Comment 37 for bug 1490804
Revision history for this message
| Travis McPeak (travis-mcpeak) wrote Re: PKI Token Revocation Bypass | #37 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
9199653
demo site
(Get the code!)
This also seems like a prime target for a security note (OSSN). Basically we'll say something along the lines of "PKI(Z) tokens without online validation shouldn't be considered safe for certain versions" (if I understand this correctly).
This will enable cloud deployers to better understand the documented risks they are accepting.