Ian Grigg wrote:
Duane wrote:
Ian Grigg wrote:
Oh, ok! Now, how many of those are actual results of compromise? As opposed to routine replacements or expiries or other benign effects. Are we saying that CACert has a lot of compromises already? That would be a surprise.
I'm assuming quite a few would be from lost certs when they've reformatted or viruses did it for them... while not being compromised.
As expected. You know, in the Linux community, machines are hacked all the time, I guess we would have heard of stolen certs by now.
Why do you guess that?
What makes you think people would communicate with you that their certs were compromised?
And what makes you think that the Linux community cares about trusted X509 certs that they have to pay for, when they are perfectly happy to exchange untrusted public keys, that are FREE. That's most important to them, after all, not security.
Right. In OpenPGP, one is supposed to create a revocation certificate up front, and then keep that in a safe place. I have never bothered.
If you, with the knowledge you have of the issuer, haven't bothered, I wouldn't expect many other PGP users do either. Even if you created that revocation cert, it's possible you didn't back it up, or the data was lost, just like the private key data itself. It's a fundamentally broken revocation model.
_______________________________________________
mozilla-crypto mailing list
http://mail.mozilla.org/listinfo/mozilla-crypto
