Ian G wrote, On 2008-10-20 19:24:

> There are possibilities. One is the server-side self-signed certs,
> which would generally prefer KCM to be useful, so add Petnames.
> This is ok for small sites, small communities, but valuable there as
> compromised boxes are a pain.

The Debian OpenSSL fiasco caused the creation of 3*65536 bad keys of each and every conceivable size (e.g., 1024 bit, 1025 bit, 1026 bit ...). A file was created that contained all those keys for two popular sizes, 1024 bit and 2048 bit, and when compressed, that file is about the size of the entire browser download.

It is widely agreed that, since KCM has no central revocation facility, the only way to effectively handle revocation is for individual KCM clients and servers, which is to say, users, to download those enormous files of bad keys, and check their sets of trusted keys against those files. Tools for doing that are available to SSH users now. Users who don't do that, who don't download and use those enormous compromised key lists (CKLs) and their checking programs, will be forever vulnerable to those compromised keys. Further, new KCM keys should be tested against those files before being added to the user's trusted list.

This has given rise to the proposal to add code to do that to the browser. But the prospect of adding such enormous CKLs to browser downloads seems to be unacceptable to nearly everyone in Mozilla land.

I think that says that KCM really must be relegated to the uses that really don't care about MITM, not even in the least tiny little bit. Personally, I have no such uses. I have no need for encryption that is vulnerable to MITM, but evidently lots of people think they do.
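
The two checks described in the message above (auditing already-trusted keys against a compromised key list, and testing a new key before it is trusted), as an added Python example that is not part of the original post or of any Mozilla or SSH tool. The SHA-256 fingerprint scheme, the `KcmStore` class, the host names and the sample key bytes are assumptions constructed for illustration.

```python
import hashlib


def fingerprint(key_blob: bytes) -> str:
    """Fingerprint of an encoded public key (SHA-256 is an assumed scheme)."""
    return hashlib.sha256(key_blob).hexdigest()


class KcmStore:
    """Hypothetical key-continuity store: host -> pinned fingerprint, gated by a CKL."""

    def __init__(self, ckl=()):
        self.ckl = set(ckl)   # fingerprints of known-compromised keys
        self.pins = {}        # host -> fingerprint trusted on first use

    def check(self, host: str, key_blob: bytes) -> str:
        fp = fingerprint(key_blob)
        # The CKL test comes first, so a compromised key is never pinned
        # and is rejected even if it matches an existing pin.
        if fp in self.ckl:
            return "compromised"
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = fp
            return "pinned"
        return "match" if pinned == fp else "mismatch"

    def update_ckl(self, fingerprints) -> list:
        """Merge a newly downloaded CKL and drop pins it revokes."""
        self.ckl |= set(fingerprints)
        revoked = sorted(h for h, fp in self.pins.items() if fp in self.ckl)
        for host in revoked:
            del self.pins[host]
        return revoked


def demo():
    weak = b"constructed sample: key later found on the CKL"
    good = b"constructed sample: unaffected key"
    store = KcmStore()
    results = [store.check("a.example", weak), store.check("b.example", good)]
    # The client only learns of the compromise when it fetches the list.
    revoked = store.update_ckl([fingerprint(weak)])
    results.append(store.check("a.example", weak))
    results.append(store.check("b.example", good))
    return results, revoked


if __name__ == "__main__":
    print(demo())
```

Until `update_ckl` runs, the weak key is pinned like any other, which is the window the message describes for users who never fetch the list.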