On 01/22/2009 01:45 AM, Nelson B Bolyard:
Isn't the publishing of the private key enough evidence for compromise?
At least it got us and some others to revoke all weak keys.
IMO, yes, it is enough evidence. But the position of those CAs, as I
understand it, is that such publication is only a potential compromise.
Follow up on this one: The weak keys represent a suspected key
compromise. Suspected key compromise allows for unilateral revocation by
the CA usually.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
