Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <87r3t0k88p.fsf@alice.fifthhorseman.net>
Date: Sat, 07 Mar 2015 09:49:58 -0800
From: Daniel Kahn Gillmor <dkg@...thhorseman.net>
To: Florian Weimer <fweimer@...hat.com>, oss-security@...ts.openwall.com
Subject: Re: Certificate pinning and the browser PKI

On Thu 2015-03-05 13:43:46 +0100, Florian Weimer wrote:
> So for the browser PKI case, it may make sense to pin the server public
> key instead (n *and *e), not the entire certificate.  During regular
> rollover, you can keep the public key, and you can have a pre-pinned
> offline copy for emergency rollovers.

yes, this is the right approach.  in the HTTPS context, HPKP actually
pins public keys, and not certificates.  You can even pin the EE's
public key and multiple backup offline public keys, so that in the event
of a compromise of your EE's primary key, you can promote one of the
backups to active use, generate a new backup, and still have other
backups that can be considered valid even by clients that still only
know of the old keys.  Planning this way lets you sustain multiple
rollover events over the lifetime of the PKP directive without locking
out infrequent visitors.

     --dkg

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.