Dear Matt,

On Sun, Nov 10, 2024 at 10:02:43PM +0000, Matt Palmer wrote:
> On Sun, Nov 10, 2024 at 08:52:49AM -0800, Aaron Gable wrote:
> > Thanks for running this important service!

Yes, very cool work.

> > Given that these private keys are already compromised, why is the
> > revokinator's storage solution so important as to preclude
> > implementing the only (as far as I'm aware) IETF-standardized
> > compromise reporting mechanism?
>
> For much the same reason that full-disc isn't the standard way of
> reporting software security vulnerabilities. While the keys are
> compromised, in the sense that someone other than the legitimate user
> of the key has a copy of them, they aren't necessarily universally
> known to every bad actor.
>
> Given that I've got keys that have, at times in the past, been for
> certificates with sANs like "*.gov.<ccTLD>", I don't feel it is
> appropriate to leave those private keys in a centralised location for
> any miscreant with a penchant for network interception to grab en
> masse and use as they desire. Hence, all private keys are stored
> offline and encrypted, in a deliberately not-easy-to-access form.
>
> I shall augment the FAQ to make this more clear.

You seem to take an attentive and careful position on this problem space. I read your message as that you consider the compromised keys to be "not yours to use", which to me seems very reasonable.

Kind regards,

Job
