Hi,

On 03.09.21 13:11, Simon Richter wrote:
> [Revocation mechanism]
>> If we don't have one, shouldn't we worry more about that given the
>> widespread use of TLS?
> We have a big hammer, shipping a new ca-certificates package. If we want something that only affects apt, but not other packages, that mechanism doesn't exist yet.

I think that's an interesting point, not just for revocation. There are forces pushing for more agility, switching out roots of trust more frequently. So for very old releases, you usually had the signing key of the next release on disk, so you could move to the next release. In this case you sort of risk not having the TLS authority on disk to make that happen. And of course we need to track what the authorities are doing that our frontends are using (e.g. [1] around how to deal with old Android devices).

But then I'm not sure how much we need to care about ancient releases that are out of security support. We would need to commit to regularly updating the certificate bundle, though.

To your other point: I don't think managing trust into individual CAs will scale. We cannot really anticipate which CAs we are going to use in the future.

Kind regards
Philipp Kern

[1] https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
