Paul Hoffman wrote:
> [...]
> Sure, but that's not the model most CAs have with their customers. I
> would bet that if a CA sent out a message saying "we're revoking your
> cert tomorrow, here's a new one" to all of its affected customers, fewer
> than 95% would have the new cert installed correctly. The remainder
> would be screwed, and the customer support lines (and I use that term
> very loosely) would be jammed.

Aren't the people who send their credit card number on an https connexion where the private key of the server is public knowledge already screwed?

> A better mechanism would be for the CAs to send out repeated letters
> saying that the keys are probably compromised and the certified party
> really really really should do an update. If they don't, it is now the
> responsibility of the certified party.

Isn't the entity the users trust when they see a certificate foremost the CA that emitted it? What conclusion should they reach if it's OK with that party if their connexion is not secure?

The argument against revoking all those certs that I would think of as strong is more that it would break the CRL system. If there are tens of thousands of certs to revoke (and there is every reason to think it's in that size range), the CRL becomes simply unmanageable at every level. Users would take ages to download and process it, and the providing site could no longer handle the load.

But if, as suggested, Firefox gets a list of the broken public keys, and rejects them directly, it solves that problem.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
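The two rejection mechanisms weighed in this message, per-CA revocation lists versus a client-side list of broken public keys, as an added example that is not part of the original post. The `Cert` records, CA names, key bytes and the SHA-256 key fingerprint are constructed assumptions standing in for real certificates.

```python
import hashlib
from collections import namedtuple

# Constructed stand-in for a certificate: only the fields the two checks use.
Cert = namedtuple("Cert", "issuer serial spki")

def key_id(spki: bytes) -> str:
    """Fingerprint of the public key alone (assumption: SHA-256 over the key bytes)."""
    return hashlib.sha256(spki).hexdigest()

# Constructed sample data: 4 known-broken keys, 3 CAs, 12 certificates.
BROKEN_KEYS = [b"weak-key-%d" % i for i in range(4)]
CERTS = [
    Cert(issuer="CA-%d" % (i % 3), serial=1000 + i,
         spki=BROKEN_KEYS[i % 4] if i % 2 == 0 else b"sound-key-%d" % i)
    for i in range(12)
]

def build_crls(certs, broken_ids, revoking_cas):
    """One CRL per CA, keyed by serial; only CAs that choose to revoke publish entries."""
    crls = {}
    for c in certs:
        if c.issuer in revoking_cas and key_id(c.spki) in broken_ids:
            crls.setdefault(c.issuer, set()).add(c.serial)
    return crls

def rejected_by_crl(cert, crls):
    # CRL lookup is per issuer and per serial, so it needs that CA's current list.
    return cert.serial in crls.get(cert.issuer, set())

def rejected_by_key_list(cert, broken_ids):
    # Key-list lookup ignores issuer and serial: any cert over a broken key fails.
    return key_id(cert.spki) in broken_ids

def compare(certs=CERTS, revoking_cas=("CA-0", "CA-1")):
    """Compare coverage when one CA (CA-2 here) only warns its customers."""
    broken_ids = {key_id(k) for k in BROKEN_KEYS}
    crls = build_crls(certs, broken_ids, set(revoking_cas))
    affected = [c for c in certs if key_id(c.spki) in broken_ids]
    return {
        "affected": len(affected),
        "crl_entries": sum(len(s) for s in crls.values()),
        "missed_by_crl": [(c.issuer, c.serial) for c in affected
                          if not rejected_by_crl(c, crls)],
        "missed_by_key_list": [c for c in affected
                               if not rejected_by_key_list(c, broken_ids)],
        "false_rejects": [c for c in certs if c not in affected
                          and rejected_by_key_list(c, broken_ids)],
    }

if __name__ == "__main__":
    print(compare())
```

The CRL side grows with the number of certificates issued over broken keys and depends on every CA publishing, while the key list is fixed by the set of broken keys and is checked locally.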