[Servercert-wg] SCXX Ballot proposal: Debian Weak keys

Jacob Hoffman-Andrews jsha at letsencrypt.org
Wed Jan 6 00:33:53 UTC 2021


On Tue, Jan 5, 2021 at 9:09 AM Rob Stradling <rob at sectigo.com> wrote:

> Since I still had a copy of my code lying around (and since there wasn't
> much else going on during Twixmas 😉 ), I figured I could turn it into a
> tool that's much easier for anyone to use...
> https://github.com/CVE-2008-0166
>

This is excellent, Rob! Thanks for making this. So, question for the list:
Assuming we satisfy ourselves (by code review and examination of the
output) that these tools generate the same keys that would have been
generated on an affected Debian system, are folks here supportive of
normatively specifying the Debian weak key check as a tool-based approach
that substitutes these tools for the current implicit tool of "a complete
Debian system?"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cabforum.org/pipermail/servercert-wg/attachments/20210105/6039c25e/attachment.html>


More information about the Servercert-wg mailing list