Oh, this one I know very well.
Since you acknowledge that this kind of thing takes forever, perhaps you understand why there are incentives not to make the current system worse but to make incremental improvements?
Sure, and I even suggested such an incremental improvement above: allow vendors to implement date-based death penalties using blacklists.
But at the same time, I don't think there is any way for the incremental improvements to keep pace with the attacks looming on the horizon. If it takes us 20 years to stop using SHA-1, and quantum computers (my research area!) are 15 years around the corner, and we haven't started moving off RSA, DH, and ECC five years ago, then where does that leave us? Dead.
(I wasn't involved with SHA-1, but I was involved in the effort to get Microsoft to stop using MD5 ten years ago. And yes it sucked.)
I feel like we are going around in circles. Yes, revoke the rogue certs! Don't revoke the root!
Hell, just burn it all.
As long as we start with your house and property first, sure.