Re: Troubles with KCM

From: Serge Egelman <egelman@cs.cmu.edu>
Date: Wed, 23 Jan 2008 09:37:43 -0800
Message-ID: <47977B67.5000409@cs.cmu.edu>
To: public-wsc-wg@w3.org

Yes, this begs the question: if not every browser is doing this, will it 
cause people to switch to the browsers that allow you to proceed?

serge

Thomas Roessler wrote:
> As a cautionary tale why key continuity management isn't easy: I've
> got a Linksys wireless router at home, and use HTTPS to access it --
> at least defending against passive attacks when entering passwords.
> 
> The router generates certificates on the fly, and these are dodgy to
> say the least.
> 
> Using Firefox 3 b2 (which overall has a reasonably nice interface
> for TLS errors!), I now get an error message without any overrides;
> apparently, that browser keeps a record of certificate fingerprints,
> serial number, and issuers, whereas the Linksys router likes to
> recycle certificate serial numbers.
> 

-- 
/*
PhD Candidate
Carnegie Mellon University

"Whoever said there's no such thing as a free lunch was never a grad 
student."

All views contained in this message, either expressed or implied, are 
the views of my employer, and not my own.
*/
Received on Wednesday, 23 January 2008 17:39:06 UTC
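
A simplified model of the failure described in the quoted message, as an added example that is not part of the original thread and is not Firefox's code. The store layout, the result labels, and the sample certificates are assumptions constructed for illustration; it shows why a recycled serial number gives a different outcome from an ordinary certificate change.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    issuer: str
    serial: int
    der: bytes  # stand-in for the certificate's DER encoding

    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()

class ContinuityStore:
    """Remembers fingerprints per host and per (issuer, serial) pair."""

    def __init__(self) -> None:
        self.by_host: dict[str, str] = {}
        self.by_issuer_serial: dict[tuple[str, int], str] = {}

    def check(self, host: str, cert: Cert) -> str:
        key = (cert.issuer, cert.serial)
        known = self.by_issuer_serial.get(key)
        if known is not None and known != cert.fingerprint:
            # Same issuer and serial, different certificate: the identifier
            # is ambiguous, so this model offers no override.
            return "reject-serial-reuse"
        pinned = self.by_host.get(host)
        if pinned is not None and pinned != cert.fingerprint:
            # Certificate changed but is uniquely identified: a user
            # could be asked whether to accept the new one.
            return "warn-key-changed"
        self.by_host[host] = cert.fingerprint
        self.by_issuer_serial[key] = cert.fingerprint
        return "first-use" if pinned is None else "ok"

def demo() -> list[str]:
    # Constructed sample data: one host, three self-generated certificates.
    host = "router.example"
    first = Cert("CN=router.example", 1, b"constructed-cert-A")
    recycled = Cert("CN=router.example", 1, b"constructed-cert-B")
    fresh = Cert("CN=router.example", 2, b"constructed-cert-C")
    store = ContinuityStore()
    return [store.check(host, c) for c in (first, first, recycled, fresh)]

if __name__ == "__main__":
    print(demo())
```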
