Testbed Support for GridPP member institutes
> [mailto:[log in to unmask]] On Behalf Of Alessandra Forti said:
> what scares me is not this incident in particular. It is the
> fact that
> there is no infrastructure to face an hyphotethical real
> incident.
There's also the fact that this exploit has been known about for several
years, and nothing has been done about it!
> I haven't seen 1 answer that was
> pointing to official documentation saying how to blacklist a
> certificate
> and what procedure to follow. Is there any doc about it? :(
I think the correct answer was the one about using the lcas ban file. No
doubt it's somewhere in the LCAS docs, but you're right that we need
these things pulled out explicitly into some short document that people
can find in an emergency.
Stephen
|