How does GnuTLS handle the known-bad Debian keys?

[Chris Palmer]

I can't seem to find any key-blacklist-checking code in GnuTLS. Perhaps I'm not 
looking in the right places; I am very new to this codebase.

GnuTLS should use such a blacklist, either built-in or in an external package, 
because the fundamental guarantee of the library is to help applications 
establish secure connections. Connections authenticated with the weak Debian 
keys simply cannot provide that guarantee. This is one of those (hopefully 
rare) cases in which policy concerns impinge on what should be a pure mechanism.

From a utilitarian or pragmatic viewpoint, adding blacklist support in the 
library will help the most people with the least effort, as compared to e.g. 
having each individual application handle blacklisting known-bad keys. In fact, 
the latter is just not going to happen, and isn't happening now.

I have a trivial bit of portable C code that searches a blacklist of known-bad 
key fingerprints. I'll send it along if you want it, but first I thought I'd 
gauge people's interest. Or maybe you'll point me to where the code already 
does handle this. :)

I've CC'd my colleague Dan Auerbach of EFF, who has been working with me to 
audit the security of prominent open source applications.