On 01/22/2009 01:13 PM, Ian G:
Although it is good that people rose to the challenge of the Debian PRNG
failure, I do not understand the position that all certs had to be
revoked. Isn't it a situation between the Subscribers, Relying Parties
and the CA concerned? That is, notification is as far as you can go?

Indeed! Mozilla is a relying party.

A weak key is compromised from the outset and upon detection (which can be actively pursued) requires revocation of the key by the CA. This is what most CAs have in their policies. This was what drove some CAs to actually revoke them. Gerv and others were very helpful in pointing out the arguments in favor of such an action.


--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
