Nick Lamb <[email protected]> writes:

>Idea: What if we set aside a handful of keys of each sort, as examples,
>publicising that software should use *these* examples unless it has good
>reason to do otherwise?

That's a great idea, publish a set of test keys in common sizes for RSA, DSA, ECDSA, etc and every crypto library and application can hardwire them in as their out-of-the-box keys, ensuring that people are forced to change them after setup/install in order to get keys that are accepted outside the test environment.

If there's general support for this, and no-one else wants to do it, I can run up an RFC draft with a bunch of test keys formatted as C byte strings that could be incorporated into anything in a C-like language with little more than cut&paste.

Peter.
