[gnutls-devel] SSL certificate validation bugs in GnuTLS
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Feb 13 20:29:22 CET 2014
On 02/13/2014 02:14 PM, Nikos Mavrogiannopoulos wrote:
> On 02/13/2014 07:58 PM, Antoine Delignat-Lavaud wrote:
>> I will double check this but as far as I remember I don't think there
>> was any certificate issued without the DigitalSignature flag recently,
>> at least on the public PKI.
>
> You may want to check the SSL obvervatory's 2010 data (I couldn't find a
> later version). There you'll notice a whole madness with certificates. I
> even remember DSA certificates marked for key encipherment.
there are some more modern scans provided at https://scans.io/, for
folks interested in trawling large datasets of X.509 certificates.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1010 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20140213/6c5a22c1/attachment.sig>
More information about the Gnutls-devel
mailing list