[cabfpub] [cabfman] Update of Yngve's BR 1.1 issues + #10
Rick Andrews
Rick_Andrews at symantec.com
Fri May 25 18:33:49 UTC 2012
Yngve,
> The reason I want this included is that, when the Debian weak keys were
> discovered, it took months to get those certificates revoked. I want it to
> be very clear that, in such cases, the certificate must be revoked
> immediately (that is, within 24 hours of discovery).
The Debian issue is very different from the recent key entropy issue. With Debian, one was able to publish a complete list of bad keys for all CAs to check against. With the recent key entropy issue, there is no such list.
-Rick