How does GnuTLS handle the known-bad Debian keys?

[Chris Palmer]

I can't seem to find any key-blacklist-checking code in GnuTLS. Perhaps I'm not looking in the right places; I am very new to this codebase.

GnuTLS should use such a blacklist, either built-in or in an external package, because the fundamental guarantee of the library is to help applications establish secure connections. Connections authenticated with the weak Debian keys simply cannot provide that guarantee. This is one of those (hopefully rare) cases in which policy concerns impinge on what should be a pure mechanism.

From a utilitarian or pragmatic viewpoint, adding blacklist support in the library will help the most people with the least effort, as compared to e.g. having each individual application handle blacklisting known-bad keys. In fact, the latter is just not going to happen, and isn't happening now.

I have a trivial bit of portable C code that searches a blacklist of known-bad key fingerprints. I'll send it along if you want it, but first I thought I'd gauge people's interest. Or maybe you'll point me to where the code already does handle this. :)

I've CC'd my colleague Dan Auerbach of EFF, who has been working with me to audit the security of prominent open source applications.