[cabfpub] [cabfman] Update of Yngve's BR 1.1 issues + #10

Rick Andrews Rick_Andrews at symantec.com
Fri May 25 18:33:49 UTC 2012


Yngve,

> The reason I want this included is that, when the Debian weak keys were  
> discovered, it took months to get those certificates revoked. I want it to  
> be very clear that, in such cases, the certificate must be revoked  
> immediately (that is, within 24 hours of discovery).

The Debian issue is very different from the recent key entropy issue. With Debian, one was able to publish a complete list of bad keys for all CAs to check against. With the recent key entropy issue, there is no such list.

-Rick

