Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

US-CERT -- Expiring Keys

0 views
Skip to first unread message

David E. Ross

unread,
Sep 18, 2009, 1:23:59 PM9/18/09
to
Twice recently, I notified US-CERT (an agency of the U.S. Department of
Homeland Security) that some of its PGP keys expire the end of this
month. One key is used to communicate computer vulnerabilities to
US-CERT; another key is used to authenticate notices sent by US-CERT
about such vulnerabilities. I have received no response to my messages,
and no new keys are available.

See "A Case Study" in my
<http://www.rossde.com/PGP/key_mgmnt.html#replace> for the mess created
last year when US-CERT keys expired.

--

David E. Ross
<http://www.rossde.com/>.

Don't ask "Why is there road rage?" Instead, ask
"Why NOT Road Rage?" or "Why Is There No Such
Thing as Fast Enough?"
<http://www.rossde.com/roadrage.html>

David W. Hodgins

unread,
Sep 18, 2009, 2:21:34 PM9/18/09
to
On Fri, 18 Sep 2009 13:23:59 -0400, David E. Ross <nob...@nowhere.not> wrote:

> and no new keys are available.

See http://www.cert.org/contact_cert/encryptmail.html
Expires: 2010-10-01

Regards, Dave Hodgins

--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

David E. Ross

unread,
Sep 18, 2009, 7:40:02 PM9/18/09
to
On 9/18/2009 11:21 AM, David W. Hodgins wrote:
> On Fri, 18 Sep 2009 13:23:59 -0400, David E. Ross <nob...@nowhere.not> wrote:
>
>> and no new keys are available.
>
> See http://www.cert.org/contact_cert/encryptmail.html
> Expires: 2010-10-01
>
> Regards, Dave Hodgins
>

CERT at Carnegie Mellon University is not the same as US-CERT at the
Department of Homeland Security. Your link is to the former. My
concern is about the latter.

David E. Ross

unread,
Sep 18, 2009, 7:41:21 PM9/18/09
to
On 9/18/2009 10:23 AM, David E. Ross wrote:
> Twice recently, I notified US-CERT (an agency of the U.S. Department of
> Homeland Security) that some of its PGP keys expire the end of this
> month. One key is used to communicate computer vulnerabilities to
> US-CERT; another key is used to authenticate notices sent by US-CERT
> about such vulnerabilities. I have received no response to my messages,
> and no new keys are available.
>
> See "A Case Study" in my
> <http://www.rossde.com/PGP/key_mgmnt.html#replace> for the mess created
> last year when US-CERT keys expired.
>

I sent an E-mail to the first person who signed the expiring keys. He
replied that they are aware of the pending expirations and plan to deal
with them. I just hope they deal with them better than they did last
year.

David W. Hodgins

unread,
Sep 18, 2009, 7:45:05 PM9/18/09
to
On Fri, 18 Sep 2009 19:40:02 -0400, David E. Ross <nob...@nowhere.not> wrote:

> CERT at Carnegie Mellon University is not the same as US-CERT at the
> Department of Homeland Security. Your link is to the former. My
> concern is about the latter.

My mistake. Thanks for working to keep things running properly.

0 new messages