- From: Ian Fette <ifette@google.com>
- Date: Thu, 24 Jan 2008 09:54:41 -0800
- To: "Stephen Farrell" <stephen.farrell@cs.tcd.ie>
- Cc: public-wsc-wg@w3.org
Received on Thursday, 24 January 2008 17:55:01 UTC
We can have all the text we want, but these devices are already in the pipeline and we have to deal with them :(

On Jan 23, 2008 10:49 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>
> Thomas Roessler wrote:
> > As a cautionary tale why key continuity management isn't easy: I've
> > got a Linksys wireless router at home, and use HTTPS to access it --
> > at least defending against passive attacks when entering passwords.
> >
> > The router generates certificates on the fly, and these are dodgy to
> > say the least.
> >
> > Using Firefox 3 b2 (which overall has a reasonably nice interface
> > for TLS errors!), I now get an error message without any overrides;
> > apparently, that browser keeps a record of certificate fingerprints,
> > serial number, and issuers, whereas the Linksys router likes to
> > recycle certificate serial numbers.
>
> That last is a bug in the router IMO, serial numbers should be cheap,
> even if you reboot the router. (They can be essentially random.)
>
> So, maybe we should have some text advising SSC generators on how
> to be good?
>
> S.
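The failure discussed in this thread, as an added example that is not part of the original messages: a client that remembers certificates by (issuer, serial) rejects a device that regenerates its self-signed certificate with a recycled serial, while random serials avoid the collision. The store, the `CN=router.example` issuer, the status strings and the stand-in certificate bytes are all constructed for illustration.

```python
import hashlib
import secrets


def new_serial() -> int:
    """Random positive serial in [1, 2**128]; well inside RFC 5280's 20-octet limit."""
    return 1 + secrets.randbelow(2**128)


class SeenCerts:
    """Hypothetical client store: first fingerprint seen per (issuer, serial)."""

    def __init__(self):
        self._seen = {}

    def check(self, issuer: str, serial: int, der: bytes) -> str:
        fp = hashlib.sha256(der).hexdigest()
        known = self._seen.setdefault((issuer, serial), fp)
        # Same issuer and serial but different bytes: two distinct
        # certificates claim one identity, so the client refuses.
        return "ok" if known == fp else "reused-issuer-and-serial"


def device_cert(issuer: str, serial: int, boot: int) -> bytes:
    # Constructed stand-in for DER bytes: the key changes on every boot.
    return f"{issuer}|{serial}|key-from-boot-{boot}".encode()


def simulate(serial_for_boot, boots: int = 3) -> list:
    """Visit the device after each reboot and record the client's verdict."""
    store = SeenCerts()
    issuer = "CN=router.example"  # constructed self-signed issuer name
    verdicts = []
    for boot in range(boots):
        serial = serial_for_boot(boot)
        der = device_cert(issuer, serial, boot)
        verdicts.append(store.check(issuer, serial, der))
    return verdicts


if __name__ == "__main__":
    print("recycled serial:", simulate(lambda boot: 0))
    print("random serial:  ", simulate(lambda boot: new_serial()))
```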