new (2003-11-30) keyanalyze results

[David Champion]

* On 2003.12.01, in <20031201150933.GA3184 at jabberwocky.com>,
*	"David Shaw" <dshaw at jabberwocky.com> wrote:
> > 
> > Hmm. I wonder if somebody shouldn't just revoke them. (As proof that
> > they are *really* vulnerable).
> 
> Heh.  I was waiting for someone to suggest this.  I'm a little
> surprised it took this long. ;)
> 
> Using a compromised key to revoke a key out from under someone else
> raises some interesting ethical questions.  It's similar (though not

I think it's pretty easy to call it "unethical" without much further
consideration. It's the same as entering a protected system with an
exploitable vulnerability and "fixing" it, without regard to what
internal subsystems this "fix" breaks. There's always someone whose
daily routine depends on something that's tangentially broken, who
would be glad to fix it as soon as they're back in the office, or a
maintenance window opens, or their grandmother's out of the hospital,
or whatever. You might catch 20 people who simply know no better, but
there's a 21st who critically cannot change at this moment.

(... Or worse. There are some fairly significant systems in the world
that depend on everyday software. Disrupting these actually can cause
physical harm to individual human beings, and in the absence of
knowledge that this won't happen, it's nobody's business to roll the
dice.)

While it's arguably of interest to me if you have a vulnerable key --
a WOT is a popular concern, not a private one -- I'm in no position to
judge the impact of breaking your key upon your business, or anyone
else's whom you deal with. So I'm in no position to break that key.

I don't mean to defend the poor software design practices that create
these situations, only to acknowledge that they exist and have real
impact, whatever their origin.

-- 
 -D.    dgc at uchicago.edu
 University of Chicago > NSIT > VDN > ENSS > ENSA > You are here
 .  .  .  .  .  .  .
 always line up dots