Re: Troubles with KCM

Thomas Roessler wrote:
> As a cautionary tale why key continuity management isn't easy: I've
> got a Linksys wireless router at home, and use HTTPS to access it --
> at least defending against passive attacks when entering passwords.
> 
> The router generates certificates on the fly, and these are dodgy to
> say the least.
> 
> Using Firefox 3 b2 (which overall has a reasonably nice interface
> for TLS errors!), I now get an error message without any overrides;
> apparently, that browser keeps a record of certificate fingerprints,
> serial number, and issuers, whereas the Linksys router likes to
> recycle certificate serial numbers.

That last is a bug in the router IMO; serial numbers should be cheap,
even if you reboot the router. (They can be essentially random.)

So, maybe we should have some text advising SSC generators on how
to be good?

S.

Received on Thursday, 24 January 2008 06:49:27 UTC
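
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Firefox's or the router's code: a simplified model of a client that remembers fingerprints per host and per (issuer, serial), next to a generator that picks random serials. The names `Cert`, `ContinuityStore`, `regenerate` and `random_serial`, the verdict strings, and the issuer and address values are assumptions made for illustration; the certificate bytes are constructed stand-ins.

```python
import hashlib
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Cert:
    issuer: str   # issuer name as a string
    serial: int
    der: bytes    # constructed stand-in for the encoded certificate
    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.der).hexdigest()

def random_serial() -> int:
    """Positive serial that fits in 20 octets (RFC 5280, section 4.1.2.2)."""
    while True:
        n = secrets.randbits(159)  # top bit clear: DER INTEGER stays within 20 octets
        if n:
            return n

def regenerate(issuer: str, serial: int) -> Cert:
    """Model a device minting a fresh self-signed certificate with a new key."""
    return Cert(issuer, serial, secrets.token_bytes(64))

class ContinuityStore:
    """Client-side memory: fingerprint per host and per (issuer, serial)."""
    def __init__(self):
        self.by_host = {}
        self.by_issuer_serial = {}

    def check(self, host: str, cert: Cert) -> str:
        seen = self.by_issuer_serial.get((cert.issuer, cert.serial))
        if seen is not None and seen != cert.fingerprint:
            return "serial-reuse"  # same issuer and serial, different cert: no override
        pinned = self.by_host.get(host)
        if pinned is None:
            return "new"
        return "match" if pinned == cert.fingerprint else "changed"

    def accept(self, host: str, cert: Cert) -> None:
        """Record a certificate the user chose to trust."""
        self.by_host[host] = cert.fingerprint
        self.by_issuer_serial[(cert.issuer, cert.serial)] = cert.fingerprint

if __name__ == "__main__":
    store, issuer, host = ContinuityStore(), "CN=router.example", "192.0.2.1"
    store.accept(host, regenerate(issuer, 1))
    print(store.check(host, regenerate(issuer, 1)))                # recycled serial
    print(store.check(host, regenerate(issuer, random_serial())))  # fresh serial
```

With a recycled serial the regenerated certificate collides with the remembered (issuer, serial) pair and cannot be re-accepted; with a random serial it is only a changed key that the user can be asked about.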