Eddy Nigg (StartCom Ltd.) wrote:
> Boris Zbarsky:
>> Could maybe try to brute-force the old key until they come up with a
>> forged certificate that an SSL library accepts?
>
> No, not really. It requires the possession of the certificate with the
> weak key signed by a CA.

I really don't think that "they will need to have access to the site before it changed its certificate" is a significant mitigation factor for such a high risk.

I like the black list approach. Would be good to web-crawl to enhance the estimate, but I think around 99% of sites are using standard key sizes. And the people who are knowledgeable enough to have used values different from the standard ones in the scripts certainly have already changed their cert.

_______________________________________________
dev-security mailing list
https://lists.mozilla.org/listinfo/dev-security
