Re: Online exposed keys database

2018-12-19 Thread Adam Shannon via dev-security-policy
I threw together a quick Go library for using this API to see how it works in a larger app. https://github.com/adamdecaf/pwnedkeys On Wed, Dec 19, 2018 at 3:34 AM Matt Palmer via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote: > On Wed, Dec 19, 2018 at 11:30:47AM +0100, Kurt

Re: Online exposed keys database

2018-12-19 Thread Matt Palmer via dev-security-policy
Hi Ryan, On Tue, Dec 18, 2018 at 08:24:48PM -0800, Ryan Hurst via dev-security-policy wrote: > My first thought is by using SPKI you have limited the service > unnecessarily to X.509 related keys, I imagined something like this > covering PGP, JWT as well as other formats. It would be nice to

Re: Online exposed keys database

2018-12-19 Thread Kurt Roeckx via dev-security-policy
On 2018-12-18 11:44, Matt Palmer wrote: It's currently loaded with great piles of Debian weak keys (from multiple architectures, etc), as well as some keys I've picked up at various times. I'm also developing scrapers for various sites where keys routinely get dropped. You might for instance

Re: Online exposed keys database

2018-12-19 Thread Peter Gutmann via dev-security-policy
Ryan Hurst via dev-security-policy writes: >My first thought is by using SPKI you have limited the service unnecessarily >to X.509 related keys, I imagined something like this covering PGP, JWT as >well as other formats. It would be nice to see the scope increased >accordingly. You can't do it

Re: Online exposed keys database

2018-12-19 Thread Matt Palmer via dev-security-policy
On Wed, Dec 19, 2018 at 11:30:47AM +0100, Kurt Roeckx via dev-security-policy wrote: > I'm not sure how you feel about listing keys where you don't have the > private key for, but are known to be compromised anyway. One potential > source for such information might be CRLs where the reason for

Re: Underscore characters

2018-12-19 Thread Jakob Bohm via dev-security-policy
On 19/12/2018 04:14, Peter Bowen wrote: > On Tue, Dec 18, 2018 at 6:52 PM Jeremy Rowley via dev-security-policy < > dev-security-policy@lists.mozilla.org> wrote: > >> Ballot 202 failed. I’m not sure how it’s relevant other than to indicate >> there was definite disagreement about whether

Re: Online exposed keys database

2018-12-19 Thread Matt Palmer via dev-security-policy
On Wed, Dec 19, 2018 at 10:08:51AM +0100, Kurt Roeckx via dev-security-policy wrote: > On 2018-12-18 11:44, Matt Palmer wrote: > > It's currently loaded with great piles of Debian weak keys (from multiple > > architectures, etc), as well as some keys I've picked up at various times. > > I'm also

Re: Online exposed keys database

2018-12-19 Thread Kurt Roeckx via dev-security-policy
On 2018-12-19 10:55, Matt Palmer wrote: On Wed, Dec 19, 2018 at 10:08:51AM +0100, Kurt Roeckx via dev-security-policy wrote: On 2018-12-18 11:44, Matt Palmer wrote: It's currently loaded with great piles of Debian weak keys (from multiple architectures, etc), as well as some keys I've picked

Re: Online exposed keys database

2018-12-19 Thread Rob Stradling via dev-security-policy
Hi Matt. This is great. A few comments inline... On 19/12/2018 09:00, Matt Palmer via dev-security-policy wrote: > Hi Ryan, > > On Tue, Dec 18, 2018 at 08:24:48PM -0800, Ryan Hurst via dev-security-policy > wrote: >> My first thought is by using SPKI you have limited the service >>

Re: Underscore characters

2018-12-19 Thread Ryan Sleevi via dev-security-policy
While I appreciate you sharing what you have, as I tried to capture in my previous message, I don't believe there can be any discussion or consideration in earnest without the full and final information. I don't think it's reasonable to drip in information piecemeal, given the impact and affect

RE: Underscore characters

2018-12-19 Thread Jeremy Rowley via dev-security-policy
We will post the full list of exceptions today. One of the big factors should be the risk to the industry/community if the certificates aren’t revoked. Perhaps we can identify what the risk to the community is in revocation delays first? There’s no need to know the exact certs to talk

Re: Underscore characters

2018-12-19 Thread Matt Palmer via dev-security-policy
On Wed, Dec 19, 2018 at 05:20:59PM +, Jeremy Rowley via dev-security-policy wrote: > One of the big factors should be the risk to the industry/community if the > certificates aren’t revoked. Perhaps we can identify what the risk to the > community is in revocation delays first? There’s no

RE: Underscore characters

2018-12-19 Thread Jeremy Rowley via dev-security-policy
Done: https://bugzilla.mozilla.org/show_bug.cgi?id=1515564 It ended up being about 1200 certs total that we are hearing can’t be replaced because of blackout periods. From: Ryan Sleevi Sent: Wednesday, December 19, 2018 11:05 AM To: Jeremy Rowley Cc: r...@sleevi.com;