Peter Gutmann <[email protected]> wrote:
> Nick Lamb <[email protected]> writes:
>
> >Idea: What if we set aside a handful of keys of each sort, as examples,
> >publicising that software should use *these* examples unless it has good
> >reason to do otherwise ?
>
> That's a great idea, publish a set of test keys in common sizes for RSA, DSA,
> ECDSA, etc and every crypto library and application can hardwire them in as
> their out-of-the-box keys, ensuring that people are forced to change them
> after setup/install in order to get keys that are accepted outside the test
> environment.

I can all but guarantee you that these keys would end up being used in production environments, in some cases in environments where people have no control over changing them (e.g., IoT).

-Jan
