On 22/08/13 07:09, Mikko Rantalainen wrote:
> Perhaps I'm not an average user but I would like to be informed about
> changed key in all those cases.

You are definitely not the average user.

>>> 2 year certs if time limit increases security? Why not issue a
>>> new signature every day and be done with broken revocation
>>> lists?)
>> 
>> 1. That's what OCSP is. The equivalent of a new signature every few
>> minutes.
> 
> Yeah, and the browser support for this is approximately zero.

Firefox supports OCSP today, has done for years, and we are improving
that support at the moment (we just added stapling, and plan to add
must-staple).

> As long as the CA key X is signed with algorithm Y and its lifetime
> is N years, there's no additional security for signing chained keys
> for shorter lifetimes. For example, if a CA has 2048 bit RSA key with
> self signature using SHA-1 and lifetime of 20 years, it really does
> not matter if chained server keys have better algorithms and longer
> key lengths. 

Yes it does. To take one example: it is not a significant problem if
roots use an insecure hash algorithm, because nothing checks that hash.
However, it is a problem if an intermediate uses an insecure hash algorithm.

Gerv
_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
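The point in the reply above about root versus intermediate hashes, as an added example that is not part of the original thread: a simplified chain validator that accepts a root because its key is in the trust store, without ever verifying the root's self-signature, while each non-anchor certificate's signature is checked. The toy textbook RSA, the certificate layout and all names here are assumptions made for illustration, and name chaining is not checked.

```python
import hashlib

def keygen(p, q, e=65537):
    """Toy textbook RSA (no padding, small fixed primes): illustration only."""
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}

def digest(tbs, alg, n):
    return int.from_bytes(hashlib.new(alg, tbs).digest(), "big") % n

def make_cert(subject, issuer, pub, signer_priv, alg):
    tbs = f"{subject}|{issuer}|{pub['n']}|{pub['e']}".encode()
    sig = pow(digest(tbs, alg, signer_priv["n"]), signer_priv["d"], signer_priv["n"])
    return {"subject": subject, "issuer": issuer, "pub": pub,
            "tbs": tbs, "alg": alg, "sig": sig}

def verify(cert, issuer_pub):
    expected = digest(cert["tbs"], cert["alg"], issuer_pub["n"])
    return pow(cert["sig"], issuer_pub["e"], issuer_pub["n"]) == expected

def validate(chain, anchors):
    """chain is leaf-first; anchors maps a trusted subject to its public key."""
    for i, cert in enumerate(chain):
        if anchors.get(cert["subject"]) == cert["pub"]:
            return True  # trust comes from the store; the self-signature is never read
        if i + 1 == len(chain) or not verify(cert, chain[i + 1]["pub"]):
            return False
    return False

def demo():
    # Constructed sample keys built from Mersenne primes.
    root_pub, root_priv = keygen(2**89 - 1, 2**107 - 1)
    int_pub, int_priv = keygen(2**61 - 1, 2**127 - 1)
    leaf_pub, _ = keygen(2**19 - 1, 2**31 - 1)
    root = make_cert("Root", "Root", root_pub, root_priv, "sha1")
    root["sig"] = 0  # wreck the SHA-1 self-signature outright
    inter = make_cert("Intermediate", "Root", int_pub, root_priv, "sha256")
    leaf = make_cert("example.test", "Intermediate", leaf_pub, int_priv, "sha256")
    anchors = {"Root": root_pub}
    forged = dict(inter, tbs=inter["tbs"] + b"|tampered")  # same sig, altered body
    return {
        "root_self_sig_ok": verify(root, root_pub),
        "chain_ok": validate([leaf, inter, root], anchors),
        "forged_intermediate_ok": validate([leaf, forged, root], anchors),
    }

if __name__ == "__main__":
    print(demo())
```

The chain validates even though the root's self-signature is invalid, but an altered intermediate is rejected, so only the hash protecting the intermediate's signature has to resist forgery.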