On Tue, Dec 30, 2008 at 4:25 AM, Peter Gutmann <pgut...@cs.auckland.ac.nz> wrote: > Ben Laurie <b...@google.com> writes: > >>what happens when the cert rolls? If the key also changes (which would seem >>to me to be good practice), then the site looks suspect for a while. > > I'm not aware of any absolute figures for this but there's a lot of anecdotal > evidence that many cert renewals just re-certify the same key year in, year > out (there was even a lawsuit over the definition of the term "renewal" in > certificates a few years ago). So you could in theory handle this by making a > statement about the key rather than the whole cert it's in. OTOH this then > requires the crawler to dig down into the data structure (SSH, X.509, > whatever) to pick out the bits corresponding to the key.
Not really a serious difficulty. > Other alternatives > are to use a key-rollover mechanism that signs the new key with old one > (something that I've proposed for SSH, since their key-continuity model kinda > breaks at that point), and all the other crypto rube-goldbergisms you can > dream up. Yeah, that's pretty much the answer I came up with - another option would be to use both the old and new certs for a while. But signing the new with the old seems easiest to implement - the signature can go in an X509v3 extension, which means CAs can sign it without understanding it, and only Google has to be able to verify it, so all that needs to change is CSR generating s/w... --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
