Date: Sat, 07 Mar 2015 09:49:58 -0800
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: Florian Weimer <fweimer@...hat.com>, oss-security@...ts.openwall.com
Subject: Re: Certificate pinning and the browser PKI

On Thu 2015-03-05 13:43:46 +0100, Florian Weimer wrote:
> So for the browser PKI case, it may make sense to pin the server public
> key instead (n *and* e), not the entire certificate. During regular
> rollover, you can keep the public key, and you can have a pre-pinned
> offline copy for emergency rollovers.

Yes, this is the right approach. In the HTTPS context, HPKP actually pins
public keys, and not certificates. You can even pin the EE's public key and
multiple backup offline public keys, so that in the event of a compromise of
your EE's primary key, you can promote one of the backups to active use,
generate a new backup, and still have other backups that can be considered
valid even by clients that still only know of the old keys. Planning this way
lets you sustain multiple rollover events over the lifetime of the PKP
directive without locking out infrequent visitors.

--dkg
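The key-pinning and backup-rollover scheme described in this thread, as an added illustration that is not part of the original message: it builds the DER SubjectPublicKeyInfo for an RSA key from (n, e), derives the HPKP pin-sha256 value from it, emits a Public-Key-Pins header with backup pins, and checks what a client that only remembers the old pin set accepts after a backup key is promoted. The RSA values are constructed toy numbers, not real keys.

```python
import base64
import hashlib

RSA_ENCRYPTION_OID = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1

def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def der_int(value):
    body = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    if body[0] & 0x80:  # DER INTEGER is signed: pad so the value stays positive
        body = b"\x00" + body
    return der_tlv(0x02, body)

def rsa_spki_der(n, e):
    """SubjectPublicKeyInfo for an RSA key: the structure HPKP hashes (n and e, not the cert)."""
    rsa_public_key = der_tlv(0x30, der_int(n) + der_int(e))
    alg_id = der_tlv(0x30, RSA_ENCRYPTION_OID + b"\x05\x00")  # rsaEncryption, NULL params
    bit_string = der_tlv(0x03, b"\x00" + rsa_public_key)  # leading byte: 0 unused bits
    return der_tlv(0x30, alg_id + bit_string)

def spki_pin(n, e):
    """pin-sha256 value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(rsa_spki_der(n, e)).digest()).decode()

def hpkp_header(active_key, backup_keys, max_age=5184000):
    """Public-Key-Pins header listing the active key plus offline backups."""
    pins = [spki_pin(*k) for k in [active_key, *backup_keys]]
    return "Public-Key-Pins: " + "; ".join(f'pin-sha256="{p}"' for p in pins) + f"; max-age={max_age}"

def chain_accepted(chain_keys, remembered_pins):
    """A pinning client accepts a chain if any SPKI in it matches a remembered pin."""
    return any(spki_pin(*k) in remembered_pins for k in chain_keys)

# Constructed toy (n, e) pairs standing in for real RSA keys.
ACTIVE, BACKUP1, BACKUP2 = (0xC0FFEE1234567, 65537), (0xBADC0DE987654, 65537), (0xFACEB00C11111, 65537)
NEW_BACKUP, ROGUE = (0xDEADBEEF22222, 65537), (0xA77AC4E555555, 65537)

def rollover_demo():
    """Old client saw {ACTIVE, BACKUP1, BACKUP2}; ACTIVE is compromised, BACKUP1 is promoted."""
    old_pins = {spki_pin(*k) for k in (ACTIVE, BACKUP1, BACKUP2)}
    return {
        "promoted_backup_accepted": chain_accepted([BACKUP1], old_pins),
        "brand_new_key_rejected": not chain_accepted([NEW_BACKUP], old_pins),
        "rogue_key_rejected": not chain_accepted([ROGUE], old_pins),
        "new_header": hpkp_header(BACKUP1, [BACKUP2, NEW_BACKUP]),
    }
```

Because the old client still trusts BACKUP2, a second emergency rollover is also survivable before the client refreshes its pin set from the new header.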