On Tue, Jul 24, 2018 at 11:20 AM, Weikeng Chen <w...@berkeley.edu> wrote:
> Seems that recertifying the existing public key is kind of... non-standard
> practice?
>
> What would be the benefit of "key continuity"?

Key continuity has proven to be a more desirable security property
than random key changes. Clients can pin a server's public key and
obtain assurances without relying on third parties.

Certificate and public key pinning is the security control that
revealed DigiNotar's compromise in 2011. Public key pinning is a little
easier in the mobile age because of short-lived certificates.

Also see Peter Gutmann's Engineering Security,
https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf

Jeff

-- 
You received this message because you are subscribed to "Crypto++ Users". More 
information about Crypto++ and this group is available at 
http://www.cryptopp.com and 
http://groups.google.com/forum/#!forum/cryptopp-users.
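
Added example (not part of the message above and not Crypto++ code): a sketch of why a pin on the SubjectPublicKeyInfo survives recertification of the same key while a whole-certificate fingerprint does not. The certificates are constructed skeletons with dummy names, keys and signatures, and every function name here is hypothetical.

```python
import base64, hashlib

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def read_tlv(buf, pos):
    """Return (tag, value_start, end) for the TLV starting at pos."""
    tag, first = buf[pos], buf[pos + 1]
    k = first & 0x7F if first >= 0x80 else 0
    n = int.from_bytes(buf[pos + 2:pos + 2 + k], "big") if k else first
    end = pos + 2 + k + n
    if first == 0x80 or end > len(buf):
        raise ValueError("bad or truncated DER")
    return tag, pos + 2 + k, end

def spki_of(cert):
    """Slice the raw SubjectPublicKeyInfo out of a DER X.509 certificate."""
    _, pos, _ = read_tlv(cert, 0)            # Certificate
    _, pos, _ = read_tlv(cert, pos)          # tbsCertificate
    tag, _, end = read_tlv(cert, pos)
    if tag == 0xA0:                          # optional [0] version
        pos = end
    for field in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = read_tlv(cert, pos)
    _, _, end = read_tlv(cert, pos)
    return cert[pos:end]

def spki_pin(cert):
    """Base64 SHA-256 of the SPKI: the value a client stores as its pin."""
    return base64.b64encode(hashlib.sha256(spki_of(cert)).digest()).decode()

def toy_cert(serial, not_after, key):
    """Constructed certificate skeleton: real field order, dummy contents."""
    alg = der(0x30, der(0x06, b"\x2a\x86\x48\xce\x3d\x04\x03\x02"))  # placeholder
    name = der(0x30, b"")
    validity = der(0x30, der(0x17, b"180101000000Z") + der(0x17, not_after))
    spki = der(0x30, alg + der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + alg + name + validity + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 9))     # dummy signature

KEY_A, KEY_B = bytes(range(32)), bytes(range(32, 64))        # constructed keys
original = toy_cert(1, b"190101000000Z", KEY_A)
recertified = toy_cert(2, b"200101000000Z", KEY_A)           # same key, new cert
rekeyed = toy_cert(3, b"200101000000Z", KEY_B)               # key changed

def pin_ok(cert, pinned):
    """True when the certificate carries the pinned public key."""
    return spki_pin(cert) == pinned
```

With a pin taken from `original`, `pin_ok` accepts `recertified` and rejects `rekeyed`, even though all three certificates differ byte for byte.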