Hi David,

It is not needed here to go that far.

You've sent to us (the world) the following:
- Your public certificate, in it your public key
- Your private key of the proxy
- Your public proxy certificate part, matching the private key of the proxy.

You've not sent the private key of the certificate. If you would have
done that, somebody would have contacted your CA and revoked it already. ;-)

The proxy was certainly usable and valid for 12 hours (until Mar 28
22:13:46 2007 GMT). It could have been misused during that time period.
Now it is not valid and you can't re-use it to generate new proxies out
of that one. This is one argument why we have this system. The harm
is limited to that time frame.

Your personal certificate has not been compromised. You can still use that
certificate safely to generate new proxy certificates. You should be
very careful about the private key. Check the file permissions so that only
you are able to access it. Like passwords, you shouldn't give that
out, also because other people can do things and the blame will be on the
owner of the password or private key.

Personally I would like to advise sites to blacklist users individually
when such an exposure happens. It's like losing your credit card: you
don't want it to happen, but when it happens you want to block misuse.
This would benefit you, the user, and the sites that would possibly need
to check the system. (Yes, I realize it is hard to keep up with these day
by day issues).

Now the threat is over (your proxy is invalid now) and all blocks can be
lifted for you to continue your work.

cheers,
Oscar

David Garcia Aristegui wrote:
> I'm asking for a brand new cert, sorry for the inconveniences.
>
> Leif Nixon wrote:
>
>> David Garcia Aristegui <[log in to unmask]> writes:
>>
>>
>>
>>> [david@villon examples]$ more /tmp/x509up_u22
>>> -----BEGIN CERTIFICATE-----
>>> MIIEdzCCA+CgAwIBAgICBQwwDQYJKoZIhvcNAQEEBQAwUjELMAkGA1UEBhMCRVMx
>>>
>>
>> I know grid security and public key cryptography is hard, so please
>> don't be offended, but it is an exceptionally bad idea to publish the
>> contents of your proxy on a public mailing list - it is approximately
>> equivalent to publishing your personal password.
>>
>> (Apparently this proxy was non-functional, but we were about to
>> suspend your access to all Swedish sites to avoid unauthorized
>> access using your ide.)
>>
>>
>>
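
As an added example (not part of the original thread, and not code from any grid middleware): a small Python check that follows the advice above about file permissions and about what a proxy file holds. It reports whether a PEM file contains private key material and whether that file is accessible to anyone but its owner; the function names and the sample file contents are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Any PEM private-key label (RSA, EC, PKCS#8, encrypted); certificates are public.
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")

# Constructed placeholders standing in for real PEM blocks (no real key material).
SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\n(constructed)\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = "-----BEGIN RSA PRIVATE KEY-----\n(constructed)\n-----END RSA PRIVATE KEY-----\n"

def audit_credential_file(path):
    """Return findings for a PEM file; an empty list means no secret was found."""
    findings = []
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    if PRIVATE_KEY_RE.search(text):
        # A proxy file carries the proxy's private key next to the certificates.
        findings.append("contains-private-key")
        # Any group/other permission bit exposes the key to other local users.
        if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            findings.append("key-accessible-by-others")
    return findings

def safe_to_share(path):
    """A file may be pasted into a mail or ticket only if it holds no private key."""
    return "contains-private-key" not in audit_credential_file(path)

def write_sample(directory, name, body, mode):
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write(body)
    os.chmod(path, mode)  # set exactly these permission bits
    return path

def demo():
    """Audit a constructed proxy-style file and a certificate-only file."""
    with tempfile.TemporaryDirectory() as d:
        proxy = write_sample(d, "x509up_sample", SAMPLE_CERT + SAMPLE_KEY + SAMPLE_CERT, 0o644)
        cert = write_sample(d, "usercert_sample.pem", SAMPLE_CERT, 0o644)
        loose = audit_credential_file(proxy)
        os.chmod(proxy, 0o600)  # owner-only, as a proxy or key file should be
        return {"proxy_loose": loose, "proxy_tight": audit_credential_file(proxy),
                "cert": audit_credential_file(cert),
                "share_proxy": safe_to_share(proxy), "share_cert": safe_to_share(cert)}

if __name__ == "__main__":
    print(demo())
```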