Hacker News new | past | comments | ask | show | jobs | submit login

It's true, I do remember the DROWN exploit relying upon keys presented over differing protocols.

It doesn't take long to generate an RSA key, though. A dedicated signing key would seem to be the obvious thing to do.

https://en.wikipedia.org/wiki/DROWN_attack




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: