by bwesterb 65 days ago
No need for a TLS 1.4.

Leaf certificates don't last long, but root CAs do. An attacker can just mint new certs from a broken root key.

Hopefully many devices can be upgraded to PQ security with a firmware update. Worse than not receiving updates is receiving malicious firmware updates, which you can't really prevent without upgrading to something safe first.

1 comments

> An attacker can just mint new certs from a broken root key.

In Chrome at the very least, the certificate not being in the certificate transparency logs should throw errors and report issues to the mothership, and that should detect abuse almost instantly.

You'd still be DoSing an entire certificate authority because a factored CA private key means the entire key is instantly useless, but it wouldn't allow attacks to last long.

Yeah, PQ certificate transparency is crucial for downgrade protection: https://westerbaan.name/~bas/rwpqc2026/bas.pdf