Re: [oCERT-2011-003] multiple implementations denial-of-service via hash algorithm collision

[Solar Designer <solar () openwall com>]

On Thu, Dec 29, 2011 at 11:58:21PM +0100, Andrea Barisani wrote:
> As stated in our timeline the embargo date was requested by reporters:
> "2011-09-25: vulnerability report received, reporters set embargo date to December 27th"
>
> Our disclosure policy also says:
> "- in any circumstance reporter preference will always be honoured in case a
> joint agreement is not reached, as oCERT would be anyway unable to force its
> embargo"
>
> We tried to negotiate an earlier embargo time as, obviously, many complained
> about the unfortunate timing considering xmas holidays but the reporters really
> wanted to release this after the CCC talk.
>
> It is oCERT policy to not leak reports before the desired date set by the
> reporters if a more favourable one is not agreed upon.
>
> Hope this clarifies the exception.

It does (at least for me).  I just felt that this needed to be said.

Thank you!

Alexander