On 2018-12-19 10:55, Matt Palmer wrote:
> On Wed, Dec 19, 2018 at 10:08:51AM +0100, Kurt Roeckx via dev-security-policy wrote:
>> On 2018-12-18 11:44, Matt Palmer wrote:
>>> It's currently loaded with great piles of Debian weak keys (from multiple
>>> architectures, etc), as well as some keys I've picked up at various times.
>>> I'm also developing scrapers for various sites where keys routinely get
>>> dropped.
>>
>> You might for instance also want to look at
>> https://github.com/devttys0/littleblackbox, I'm not sure how useful it is.
>
> Oh my, that's an interesting trove.  I was a bit worried at first that the
> private keys weren't included, but it looks like there's at least some in
> there.

I'm not sure how you feel about listing keys that you don't have the private key for, but which are known to be compromised anyway. One potential source for such information might be CRLs where the reason for revocation was keyCompromise.

If you don't want to publish the private keys, distributing the public keys might be an option.


Kurt
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy