[cryptography] what has the NSA broken?
holz at net.in.tum.de
Fri Sep 6 09:58:50 EDT 2013
On 09/06/2013 07:12 AM, James A. Donald wrote:
> Most private keys are issued by, not merely certified by, the CAs.
Can you give numerical evidence for this claim?
The CAs I work with - StartSSL and DFN - either allow to send CSRs or
use the HTML keygen method. I'd be surprised if a majority of CAs
insisted on generating the key for you.
The Baseline Requirements by CABForum furthermore state that a CA must
not archive the private keys.
I8 - Network Architectures and Services
Technische Universität München
PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF
More information about the cryptography