[cabfpub] Critical Vulnerability Scenario
Ryan Sleevi
sleevi at google.com
Sat Jan 20 14:25:30 UTC 2018
Hi James,
I don't believe that's an issue the Forum itself can/would solve. I think
the examples of MD5 and SHA-1 are examples of the best one can expect, but
the issues here are largely not one of "Can CAs do something new", but of
ecosystem considerations beyond the control of CAs.
On Fri, Jan 19, 2018 at 5:56 AM, James Burton via Public <
public at cabforum.org> wrote:
> I know every CA already has a disaster plan in place to maintain certain
> level of continuity in case of failure, weather and etc. But is there a
> global contingency plan in place if a critical vulnerability was found in
> one of the key systems which required immediate change over to a different
> key-size, signature algorithm or etc.
>
> Could every CA right now in operation handle such a scenario and reissue
> nearly every certificate (if necessary) immediately? How long would it
> take? Could CT handle such an influx of requests?
>
> The goal is to achieve 100% secure web and I feel that a global
> contingency plan is needed in case of the unlikely event of this scenario
> ever happens.
>
> James
>
> _______________________________________________
> Public mailing list
> Public at cabforum.org
> https://cabforum.org/mailman/listinfo/public
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/public/attachments/20180120/4ec57438/attachment-0003.html>
More information about the Public
mailing list