Nick Lamb <[email protected]> wrote:
> There's a recurring pattern in most of the examples. A technical
> counter-measure would be possible, therefore you suppose it's OK to
> screw-up and the counter-measure saves us.

Right.

> I believe this is the wrong attitude. These counter-measures are defence
> in depth. We need this defence because people will screw up, but that
> doesn't make screwing up OK.

With that attitude, CAs would never issue intermediate CAs with name constraints as the technical constraint on reasonable terms (not costing a fortune, not forcing you to let the issuing CA have the private key), and key pinning would remain too dangerous for the vast majority of sites to ever deploy. Giving up those things would be a huge cost. What's the actual benefit to end users in giving them up?

(Note: Key pinning isn't the only advantage to being able to freely operate your own intermediate CA.)

Cheers,
Brian
--
https://briansmith.org/

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
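The message above refers to name constraints as the technical constraint that makes a customer-operated intermediate CA acceptable. The following is an added example, not code from the thread or from either participant, showing what that constraint enforces in practice: a constructed root signs an intermediate whose critical `permittedSubtrees` is limited to `example.com`, and Go's standard `crypto/x509` verifier then accepts a leaf for `www.example.com` but rejects one for `www.example.org`, even though the intermediate's signature on it is perfectly valid. All keys, names and certificate subjects are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// newKey returns a throwaway P-256 key (constructed for the demo, never persisted).
func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// sign issues tmpl under parent (self-signed when parent is nil) and parses the result.
func sign(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// LeafAllowed builds root -> name-constrained intermediate -> leaf for leafDNS and
// reports whether the chain validates. It returns (false, nil) when the only reason
// for rejection is the intermediate's name constraint, and a non-nil error otherwise.
func LeafAllowed(leafDNS string) (bool, error) {
	now := time.Now()
	rootKey, intKey, leafKey := newKey(), newKey(), newKey()

	root, err := sign(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Demo Root"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil, &rootKey.PublicKey, rootKey)
	if err != nil {
		return false, err
	}

	inter, err := sign(&x509.Certificate{
		SerialNumber:          big.NewInt(2),
		Subject:               pkix.Name{CommonName: "Constructed Demo Intermediate"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
		// The technical constraint: this CA may certify names under example.com only.
		PermittedDNSDomainsCritical: true,
		PermittedDNSDomains:         []string{"example.com"},
	}, root, &intKey.PublicKey, rootKey)
	if err != nil {
		return false, err
	}

	// The intermediate's operator issues a leaf; the verifier, not the issuer, enforces the constraint.
	leaf, err := sign(&x509.Certificate{
		SerialNumber: big.NewInt(3),
		Subject:      pkix.Name{CommonName: leafDNS},
		DNSNames:     []string{leafDNS},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}, inter, &leafKey.PublicKey, intKey)
	if err != nil {
		return false, err
	}

	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(inter)
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: leafDNS})
	if err == nil {
		return true, nil
	}
	var cie x509.CertificateInvalidError
	if errors.As(err, &cie) && cie.Reason == x509.CANotAuthorizedForThisName {
		return false, nil // rejected purely because of the name constraint
	}
	return false, err
}

func main() {
	for _, name := range []string{"www.example.com", "www.example.org"} {
		ok, err := LeafAllowed(name)
		fmt.Printf("%-16s allowed=%v err=%v\n", name, ok, err)
	}
}
```

The point for the defence-in-depth argument is that the constraint is enforced by every relying party's verifier: if the intermediate's key is misused to sign for a name outside `example.com`, the resulting certificate is rejected by clients that implement RFC 5280 name constraints, so the damage is bounded to the permitted subtree rather than to the whole namespace.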

