On Thu, Apr 09, 2020 at 04:55:51PM +0100, Nick Lamb via dev-security-policy
wrote:
> Right-sizing of Bloom filters is an issue, but you only need to get
> ballpark accuracy. If we genuinely aren't sure if there will be a
> thousand or a billion RSA private keys compromised next year then yup
>
On Mon, 6 Apr 2020 12:56:02 -0400
Ryan Sleevi via dev-security-policy
wrote:
> It's not as easy as saying "use a bloom filter" if a bloom filter
> takes X amount of time to generate.
I've spent a bunch of time up to my neck in bloom filters (they're one
of the key components of 4store, a GPL'd
On Mon, Apr 06, 2020 at 12:56:02PM -0400, Ryan Sleevi wrote:
> On Mon, Mar 30, 2020 at 5:32 PM Matt Palmer via dev-security-policy
> wrote:
> > Righto, the goals are:
> >
> > * Make it a policy violation for CAs to issue a certificate using a public
> > key they've revoked before.
> >
> > *
On Mon, Mar 30, 2020 at 5:32 PM Matt Palmer via dev-security-policy
wrote:
> Righto, the goals are:
>
> * Make it a policy violation for CAs to issue a certificate using a public
> key they've revoked before.
>
> * Clarify the language around key compromise revocation to make it obvious
>
On Mon, Mar 30, 2020 at 10:59:02AM -0400, Ryan Sleevi wrote:
> On Mon, Mar 30, 2020 at 6:28 AM Matt Palmer via dev-security-policy
> wrote:
> It's useful to focus on the goal, rather than the precise language, or
> where you see folks getting confused or misunderstanding things. That
> is,
Thanks for starting this!
On Mon, Mar 30, 2020 at 6:28 AM Matt Palmer via dev-security-policy
wrote:
> If such a modification were deemed appropriate for the BRs, I would suggest
> that the following changes would fit the bill. All sections, etc taken from
> version 1.6.7 of the BRs.
In my recent forays into mass-revocation for key compromise, one aspect that
was particularly frustrating and unnecessary was having to send revocation
requests for new certificates, issued by a CA using a private key which I
had previously reported as compromised to that same CA. Once a key is
7 matches
Mail list logo