[cryptography] what has the NSA broken?

David Johnston dj at deadhat.com
Sat Sep 7 13:56:52 EDT 2013


On 9/6/2013 6:58 AM, Ralph Holz wrote:
> Hi,
>
> On 09/06/2013 07:12 AM, James A. Donald wrote:
>> Most private keys are issued by, not merely certified by, the CAs.
> Can you give numerical evidence for this claim?
>
>
Device certificates (those that go into mass manufactured products) 
typically have the CA provide both keys and cert. The back and forth of 
keygen->CSR->Sign->Return per product does not fit in the mindset of a 
manufacturer.

I suspect this is more certs than all the web site certs put together.




More information about the cryptography mailing list