[Cryptography] PRISM-Proofing and PRISM-Hardening

Viktor Dukhovni cryptography at dukhovni.org
Wed Sep 18 10:30:06 EDT 2013

On Tue, Sep 17, 2013 at 11:48:40PM -0700, Christian Huitema wrote:

> > Given that many real organizations have hundreds of front end
> > machines sharing RSA private keys, theft of RSA keys may very well be
> > much easier in many cases than broader forms of sabotage.
> Or we could make it easy to have one separate RSA key per front end, signed
> using the main RSA key of the organization.

This is only realistic with DANE TLSA (certificate usage 2 or 3),
and thus will start to be realistic for SMTP next year (provided
DNSSEC gets off the ground) with the release of Postfix 2.11, and
with luck also a DANE-capable Exim release.

For HTTPS, there is little indication yet that any of the major
browsers are likely to implement DANE support in the near future.
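The per-front-end-key model discussed above, as an added example that is not part of the original post: RFC 6698 TLSA matching in Python with constructed stand-in certificates, showing that one usage-2 (DANE-TA) record pinning the organization's signing key covers every front-end key it signs, while a usage-3 (DANE-EE) record pins exactly one front end. The certificate bytes, names and `example.com` owner are assumptions; a real deployment extracts the SPKI from the X.509 certificate and validates the full chain.

```python
import hashlib

# Certificate usage, selector and matching-type values from RFC 6698.
DANE_TA, DANE_EE = 2, 3
SEL_CERT, SEL_SPKI = 0, 1
MATCH_FULL, MATCH_SHA256, MATCH_SHA512 = 0, 1, 2

def cert(subject, issuer, key, is_ca=False):
    """Constructed stand-in for an X.509 cert: no real DER, just labelled bytes."""
    spki = b"SPKI:" + key
    return {"subject": subject, "issuer": issuer, "is_ca": is_ca,
            "spki": spki, "der": b"CERT:" + subject.encode() + spki}

def tlsa_data(c, selector, matching_type):
    """Certificate association data for cert c under the given selector/type."""
    blob = c["der"] if selector == SEL_CERT else c["spki"]
    if matching_type == MATCH_FULL:
        return blob
    algo = "sha256" if matching_type == MATCH_SHA256 else "sha512"
    return hashlib.new(algo, blob).digest()

def tlsa_record(owner, usage, selector, matching_type, c):
    """Presentation format an operator would publish, e.g. for SMTP on port 25."""
    data = tlsa_data(c, selector, matching_type).hex()
    return f"{owner}. IN TLSA {usage} {selector} {matching_type} {data}"

def dane_matches(usage, selector, matching_type, data, chain):
    """Does a chain (leaf first) satisfy one TLSA record? Simplified: only
    direct issuance is checked, matching the one-org-key-signs-all model."""
    leaf = chain[0]
    if usage == DANE_EE:
        candidates = [leaf]                      # the front end's own key
    elif usage == DANE_TA:
        candidates = [c for c in chain[1:]       # pinned org key must have
                      if c["is_ca"] and leaf["issuer"] == c["subject"]]
    else:
        return False                             # usages 0/1 need PKIX too
    return any(tlsa_data(c, selector, matching_type) == data for c in candidates)

# Constructed deployment: one org signing key, two front ends with their own keys.
ORG_CA = cert("org-ca", "org-ca", b"org-key", is_ca=True)
FE1 = cert("mx1", "org-ca", b"fe1-key")
FE2 = cert("mx2", "org-ca", b"fe2-key")
# One "2 1 1" record covers every front end the org key signs...
ORG_DATA = tlsa_data(ORG_CA, SEL_SPKI, MATCH_SHA256)
# ...whereas "3 1 1" pins exactly one front-end key.
FE1_DATA = tlsa_data(FE1, SEL_SPKI, MATCH_SHA256)
```

Stealing one front end's key under the usage-3 record exposes only that front end's record; under usage 2 the organization's signing key is the one to keep off the front ends entirely.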
