Every version of GnuTLS found to be vulnerable to certification bypass.
infinity0 at pwned.gg
Wed Mar 5 02:33:17 CET 2014
On 05/03/14 00:39, Thomas Gries wrote:
> On 04.03.2014 11:47, Daniel Kahn Gillmor wrote:
>>> Every version of GnuTLS found to be vulnerable to certification bypass.
>> why are you writing this to the gnupg development mailing list?
>> gnupg is entirely independent of gnutls.
> Perhaps you are right, but
> https://twitter.com/kennwhite/status/440941032616624128 says:
> and you should answer him, if he is wrong, or mixing up things.
> One other aspect is that all apt-transport using things are victims, too.
APT uses GPG and is not affected. It looks like that article has patched this up, but "a second layer of protection" is still not correct; GPG is the *only* layer of protection that APT relies on. TLS is Transport Layer Security, not end-to-end security, which is what matters in a distributed system.