by vlovich123
2004 days ago
He’s referring to the leaks about NSA putting back doors into algorithms that Snowden leaked. Those algorithms were suspect from the beginning and avoided. It’s possible ones have gone undetected but that’s pure speculation without any kind of proof at this time. It’s also wholly irrelevant to this discussion and just pure FUD.

Certificate expiration is needed to make certificate revocation perform well. Otherwise you need to keep the list of all certificates ever revoked whereas with expiration you can ignore checking expired certificates and more importantly revocation lists you download can prune certs that are otherwise expired anyway.

If anything, now that everything is connected to the internet you want shorter revocations (like days, weeks or months). That way the potential for abuse is shorter and the path for renewal is better trodden by organizations (i.e. less likely to forget about an expiring cert).

[1] https://www.theverge.com/2013/12/20/5231006/nsa-paid-10-mill...
[2] https://en.m.wikipedia.org/wiki/RSA_BSAFE
[3] https://en.m.wikipedia.org/wiki/Bullrun_(decryption_program)
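An added illustration of the pruning argument in the comment above, not part of the original comment: a toy model in which a CA issues one certificate per day and revokes every tenth one. The `Cert`, `CRL`, `is_valid` and `simulate` names, the integer day counter and the revocation rate are all assumptions made for the example; no real X.509 parsing is involved.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    serial: int
    not_after: int  # day number on which the certificate expires (constructed)


class CRL:
    """Revocation list that remembers each revoked serial's expiry day."""

    def __init__(self):
        self.revoked = {}  # serial -> not_after

    def revoke(self, cert):
        self.revoked[cert.serial] = cert.not_after

    def prune(self, today):
        # An expired cert is rejected on expiry alone, so its entry can be dropped.
        self.revoked = {s: exp for s, exp in self.revoked.items() if exp > today}


def is_valid(cert, crl, today):
    # Expiry is checked first: an expired cert never needs a CRL lookup,
    # which is what makes pruning its CRL entry safe.
    if today >= cert.not_after:
        return False
    return cert.serial not in crl.revoked


def simulate(days, lifetime, prune):
    """Issue one cert per day, revoke every 10th at issuance; return final CRL size."""
    crl = CRL()
    for day in range(days):
        cert = Cert(serial=day, not_after=day + lifetime)
        if day % 10 == 0:
            crl.revoke(cert)
        if prune:
            crl.prune(day)
    return len(crl.revoked)


if __name__ == "__main__":
    ten_years = 3650
    print("no pruning, 90-day certs: ", simulate(ten_years, 90, prune=False))
    print("pruning, 365-day certs:   ", simulate(ten_years, 365, prune=True))
    print("pruning, 90-day certs:    ", simulate(ten_years, 90, prune=True))
```

Without pruning the list grows for as long as the CA operates; with pruning its size is bounded by the certificate lifetime, so shorter lifetimes give smaller lists.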