Hi all,
Today researchers announced a vulnerability they discovered in RSA keys
generated by a particular piece of firmware, which allows practical
factorization of the private key given just the public key.
Full details of the research here:
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
As per previous discussions and
https://wiki.mozilla.org/CA:Symantec_Issues, a consensus proposal[0] was
reached among multiple browser makers for a graduated distrust of
Symantec roots.
Here is Mozilla’s planned timeline for the graduated distrust of
Symantec roots (subject to change):
*
As per previous discussions and
https://wiki.mozilla.org/CA:Symantec_Issues, a consensus proposal[0] was
reached among multiple browser makers for a graduated distrust of
Symantec roots.
Here is Mozilla’s planned timeline for the graduated distrust of
Symantec roots (subject to change):
*
Adding code to Firefox to support the distrust of specified subCAs seems
like it would be a good long-term investment for Mozilla, as it would give
Mozilla a lot more flexibility during future distrust events.
-- Eric
On Mon, Oct 16, 2017 at 1:32 PM, Gervase Markham via dev-security-policy <
On Monday, 16 October 2017 18:32:54 UTC+1, Gervase Markham wrote:
> = Symantec roots to be disabled via code, *not* removed from NSS =
>
> GeoTrust Global CA
> GeoTrust Primary Certification Authority - G2
> GeoTrust Primary Certification Authority - G3
>
> = Symantec roots that will be fully
On 16/10/17 20:01, Matthew Hardeman via dev-security-policy wrote:
The authors of the paper on the weak RSA keys generated by Infineon TPMs and
smart cards have published code in multiple languages / platforms that provide
for an efficient test for weakness by way of the Infineon TPM bug.
On 16/10/2017 21:01, Matthew Hardeman wrote:
The authors of the paper on the weak RSA keys generated by Infineon TPMs and
smart cards have published code in multiple languages / platforms that provide
for an efficient test for weakness by way of the Infineon TPM bug.
Perhaps this should be a
Thank you to those of you who reviewed and commented on this request from
SSL.com to include the “SSL.com Root Certification Authority RSA”, “SSL.com
Root Certification Authority ECC”, “SSL.com EV Root Certification Authority RSA
R2”, and “SSL.com EV Root Certification Authority ECC” root
On Mon, Oct 16, 2017 at 10:32 AM, Gervase Markham via
dev-security-policy wrote:
> As per previous discussions and
> https://wiki.mozilla.org/CA:Symantec_Issues, a consensus proposal[0] was
> reached among multiple browser makers for a graduated distrust of
On Mon, Oct 16, 2017 at 09:14:29PM +0100, Rob Stradling via dev-security-policy
wrote:
> On 16/10/17 20:01, Matthew Hardeman via dev-security-policy wrote:
> > The authors of the paper on the weak RSA keys generated by Infineon TPMs
> > and smart cards have published code in multiple languages /
10 matches
Mail list logo