On Sat, Oct 19, 2024 at 10:15:05AM +0000, Peter Gutmann wrote: > The widespread use of public key cryptosystems on the Internet has led to a > proliferation of publicly known but not necessarily acknowledged keys that > are used for testing purposes or that ship preconfigured in applications. > These keys provide no security, but since there's no record of them, > relying parties are often unaware that they provide no security.
Relying parties should be checking keys against the dataset maintained by pwnedkeys.com, which has a great many keys, both test and otherwise, including the keys contained in RFC9500 (included since ~December 2023). - Matt -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/83b1d801-73ce-42ce-a735-b1653b74312c%40mtasv.net.
