(I had this queued in my drafts folder, for some reason it didn't get sent).
Matt Palmer <[email protected]> writes:

>Your proposed approach of pre-bundling, as I understand it, doesn't appear to
>meet that requirement, as it would seem to capture a point-in-time snapshot
>of the Pwnedkeys dataset.

Le mieux est l'ennemi du bien (the best is the enemy of the good). Given that attackers seem to have no problems getting their hands on high-value Windows code signing keys, I would imagine they have even less trouble getting as many random noddy keys used to access a single server somewhere as they want. So even with an always-online, constantly-updated dataset, what you're getting is a best-effort subset of all compromised keys, which in turn means that while it would be nice to have access to an up-to-the-minute dataset, in practice access to even an older subset is still pretty good value.

In particular I see it not as a magic bullet to deal with the vast number of likely-compromised but not necessarily known keys but more as a hygiene issue to catch test keys inadvertently used in production, that sort of thing. Like bad passwords, you're never going to be able to enumerate every possible weak password, but even rejecting the top ten will deal with the low-hanging fruit, force attackers to work a bit harder, and incentivise users to not use the weakest possible passwords out there.

Peter.

-- 
You received this message because you are subscribed to the Google Groups "[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/ME0P300MB0713274E3B266762280E1C31EE542%40ME0P300MB0713.AUSP300.PROD.OUTLOOK.COM.
