Getting a grasp on Heartbleed and IDPs

Ian Young ian at
Thu Apr 10 14:18:41 EDT 2014

On 10 Apr 2014, at 19:14, Eric Goodman <Eric.Goodman at> wrote:

> E.g., a non-public https server's (different) key,

Yes to this one: if one web server is handling multiple virtual hosts, the data for one vhost isn't isolated from the data from the others.

> or perhaps even keys created or manipulated using OpenSSL on the command line

This seems unlikely, as those would be in different processes. Unless someone has a specific mechanism in mind, I'd be sceptical of that.

	-- Ian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5943 bytes
Desc: not available
Url : 

More information about the users mailing list