Nelson B Bolyard wrote:
> Ian G wrote, On 2008-10-20 19:24:
>> There are possibilities.  One is the server-side self-signed certs,
>> which would generally prefer KCM to be useful, so add Petnames.
>> This is ok for small sites, small communities, but valuable there as
>> compromised boxes are a pain.
> The Debian OpenSSL fiasco caused the creation of 3*65536 bad keys of
> each and every conceivable size (e.g., 1024 bit, 1025 bit, 1026 bit ...).
> A file was created that contained all those keys for two popular sizes,
> 1024 bit and 2048 bit, and when compressed, that file is about the size
> of the entire browser download.
> It is widely agreed that, since KCM has no central revocation facility,

KCM is not central, period.  Talking about revocation is a strawman.

> the only way to effectively handle revocation is for individual KCM
> clients and servers, which is to say, users, to download those enormous
> files of bad keys, and check their sets of trusted keys against those
> files.  Tools for doing that are available to SSH users now.  Users who
> don't do that, who don't download and use those enormous compromised key
> lists (CKLs) and their checking programs, will be forever vulnerable to
> those compromised keys.

What's your point?  Sounds to me like most of the last 1000 security
bugs.  Patch it, or remain vulnerable?

It seems like you are searching for any reason to stick that stake
in the heart of KCM.  Problem is, it has to be an honest stake;  the
concept doesn't care if you don't like it.

> Further, new KCM keys should be tested against those files before being
> added to the user's trusted list.  This has given rise to the proposal
> to add code to do that to the browser.  But the prospect of adding such
> enormous CKLs to browser downloads seems to be unacceptable to nearly
> everyone in Mozilla land.

What has this got to do with KCM?  Is KCM being used to create keys
now?  Or are you saying that the KCM module has to now test all the
PKI keys too?

> I think that says that KCM really must be
> relegated to the uses that really don't care about MITM, not even in the
> least tiny little bit.

Nelson, you sound really bitter about this.  SSH has protected
people for a decade or more.  If you can't see why that is, well,
perhaps you can at least see that people are not abandoning it, and
it will be protecting for another decade.

> Personally, I have no such uses.  I have no need for encryption that is
> vulnerable to MITM, but evidently lots of people think they do.

If your choice is to pay that cost, yourself, that's fine.  Just be
careful that you are not one of the ones who dictate to others how
much they will pay for your choices.
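The check Nelson describes above, a client comparing its trusted keys against a compromised-key list, as an added example that is not part of this thread. It assumes a constructed known_hosts-style input and a constructed blocklist of OpenSSH-style SHA-256 key fingerprints (the real Debian blacklist files use their own format, which is not reproduced here).

```python
import base64
import hashlib

def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: SHA-256 over the raw key blob, base64 without padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_compromised(known_hosts: str, blocklist: set[str]) -> list[tuple[str, str, str]]:
    """Return (host, key type, fingerprint) for every trusted key whose
    fingerprint appears in the compromised-key list."""
    hits = []
    for raw in known_hosts.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        fields = line.split()
        if fields[0].startswith("@"):     # optional marker such as @revoked
            fields = fields[1:]
        if len(fields) < 3:
            continue                      # malformed entry, nothing to check
        host, keytype, blob = fields[0], fields[1], fields[2]
        try:
            fp = fingerprint(blob)
        except ValueError:
            continue                      # not valid base64, skip rather than crash
        if fp in blocklist:
            hits.append((host, keytype, fp))
    return hits

# Constructed sample data: the "key blobs" are made-up bytes, not real keys.
BLOB_A = base64.b64encode(b"constructed-host-key-A").decode()
BLOB_B = base64.b64encode(b"constructed-host-key-B").decode()
KNOWN_HOSTS = f"""# constructed known_hosts
example.net ssh-rsa {BLOB_A}
example.org ssh-rsa {BLOB_B}
"""
# Constructed compromised-key list: only key A is listed as bad.
BLOCKLIST = {fingerprint(BLOB_A)}

if __name__ == "__main__":
    for host, keytype, fp in find_compromised(KNOWN_HOSTS, BLOCKLIST):
        print(f"{host} ({keytype}) uses compromised key {fp}")
```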


dev-tech-crypto mailing list