On 29.11.2016 at 00:37, Alice Wonder wrote:
> On 11/28/2016 03:04 PM, sivmu wrote:
>>
>>
>> On 28.11.2016 at 23:23, Alice Wonder wrote:
>>> On 11/28/2016 02:12 PM, Raoul Bhatia wrote:
>>>> I've successfully transitioned existing StartSSL certificates + HPKP /
>>>> HSTS to letsencrypt.sh (via the Debian package).
>>>>
>>>> I know I am not the first to do such a thing, but maybe you'd like to
>>>> have some quick pointers to get this resolved ASAP.
>>>>
>>>> Raoul
>>>>
>>>> PS. The most important thing is to initially tell letsencrypt.sh to
>>>> reuse an existing private key for requesting new certs.
>>>
>>> And that is exactly why I never use HPKP - it does not give the system
>>> administrator any flexibility when a new cert / key is needed.
>>>
>>> In theory there should be a backup key already with a pin to take care
>>> of cases where the private key is compromised, but as soon as you have
>>> to use it you are vulnerable to bricking the site for some users if that
>>> key needs to be revoked.
>>>
>>> It also gives no flexibility whatsoever when you have to fire a system
>>> administrator who may have had access to private keys. Normally in that
>>> situation you generate new keys, but with HPKP you are stuck keeping the
>>> old keys active until the new keys have had their pins in the header
>>> longer than the TTL.
>>>
>>
>> This issue can be solved by using short life spans for certificates/keys
>> like Let's Encrypt does. At least it reduces the drawbacks
>
> No it doesn't solve the problem, the certificate lifespan has nothing to
> do with the private key.
>
>>
>>
>>> Why people like HPKP so much is a real mystery to me.
>>>
>>
>> Because HPKP recreates some level of trust in an (almost) completely
>> broken and highly flawed system?
>
> It's a broken solution that only somewhat works for one very specific
> application of x509 certificates.
>
> A better solution (DANE) exists, is not limited to HTTPS, and doesn't
> prevent you from deploying freshly generated private keys in an emergency.
>
DANE has its own drawbacks, and also provides only an alternative cert authority system (the DNS root) which has the same or at least similar problems as the existing one. It provides additional security yes, but it is not nearly as resistant to elaborate attacks as HPKP. Especially government level adversaries only need very little effort to break the common SSL cert system and the DNS cert system, while they won't be able to break HPKP because it lacks the central authorities. A similar solution will be available for SMTP soon as well. I get why HPKP is frowned upon by some people, but in my opinion it is way better from a security standpoint than any solution that requires central entities.
_______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
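Added example, not part of the thread: a sketch of the rotation constraint discussed above, showing why reusing the pinned private key (or a backup pin) is safe at once while a freshly generated key must wait out the previously served `max-age`. The pin format follows RFC 7469; the function names, the 60-day `max-age` and the byte strings standing in for SubjectPublicKeyInfo blobs are assumptions constructed for illustration.

```python
import base64, hashlib, re
from datetime import datetime, timedelta

def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin value: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_hpkp(header: str):
    """Return (pins, max_age_seconds) from a Public-Key-Pins header value."""
    pins = set(re.findall(r'pin-sha256\s*=\s*"([^"]+)"', header, re.I))
    age = re.search(r'max-age\s*=\s*"?(\d+)', header, re.I)
    if not pins or age is None:
        raise ValueError("header needs at least one pin and a max-age")
    return pins, int(age.group(1))

def rotation_verdict(old_header, new_header, new_spki, new_header_since, now):
    """Classify a switch to the key `new_spki` at time `now`.

    old_header: value clients cached before the change
    new_header: value served since `new_header_since`
    """
    pin = spki_pin(new_spki)
    old_pins, old_max_age = parse_hpkp(old_header)
    new_pins, _ = parse_hpkp(new_header)
    if pin in old_pins:
        return "safe: key already pinned (reused key or backup pin)"
    if pin not in new_pins:
        return "unsafe: key is not pinned in any served header"
    # A client may have cached the old pin set just before the header changed,
    # and keeps enforcing it for old_max_age seconds after that visit.
    cutover = new_header_since + timedelta(seconds=old_max_age)
    if now < cutover:
        return f"wait: old pins may still be cached until {cutover:%Y-%m-%d}"
    return "safe: every cached pin set now includes the new key"

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (not real keys).
OLD_KEY, BACKUP_KEY, FRESH_KEY = b"spki-old", b"spki-backup", b"spki-fresh"

def header(keys, max_age):
    return "; ".join(f'pin-sha256="{spki_pin(k)}"' for k in keys) + f"; max-age={max_age}"

OLD_HEADER = header([OLD_KEY, BACKUP_KEY], 5184000)            # 60 days
NEW_HEADER = header([OLD_KEY, BACKUP_KEY, FRESH_KEY], 5184000)
SINCE = datetime(2016, 11, 29)  # constructed date the new header went live

if __name__ == "__main__":
    for key, now in [(OLD_KEY, SINCE), (FRESH_KEY, SINCE + timedelta(days=10)),
                     (FRESH_KEY, SINCE + timedelta(days=61))]:
        print(rotation_verdict(OLD_HEADER, NEW_HEADER, key, SINCE, now))
```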
