[cryptography] what has the NSA broken?
holz at net.in.tum.de
Sun Sep 8 07:52:21 EDT 2013
>>> Most private keys are issued by, not merely certified by, the CAs.
>> Can you give numerical evidence for this claim?
> Device certificates (those that go into mass manufactured products)
> typically have the CA provide both keys and cert. The back and forth of
> keygen->CSR->Sign->Return per product does not fit in the mindset of a
> I suspect this is more certs than all the web site certs put together.
An interesting point, certainly. Two caveats, both of which I have to
systematically verify for SSL, however (I have already verified them for
1) Mass-produced devices like to use default keys - Heninger et al.
showed that quite conclusively last year. I.e. we are not looking at
distinct certificates, and not such ones for private use. I can verify
that with our latest scan of today, which was IPv4-wide. It will take me
a bit to wade through the subjects, issuers, SKID and AKID.
2) On the same line: why have a device key signed by a CA anyway if you
are going to use it for all devices of one line?
3) When we look at distinct certs, I am not so sure that your argument
"more than all Web certs put together" still holds. Again, I need a
moment to check that.
I8 - Network Architectures and Services
Technische Universität München
PGP: A805 D19C E23E 6BBB E0C4 86DC 520E 0C83 69B0 03EF
More information about the cryptography