On 14/07/2017 16:07, Alex Gaynor wrote:
On Fri, Jul 14, 2017 at 10:03 AM, Ryan Sleevi via dev-security-policy <
[email protected]> wrote:
On Fri, Jul 14, 2017 at 9:44 AM, Hanno Böck via dev-security-policy <
[email protected]> wrote:
...
>> ...
Ultimately I'm inclined to say that there really shouldn't be any good
reason at all to ever reuse a key. (Except... HPKP)

I see. I think I'd strongly disagree with that assertion. There are lots of
good reasons to reuse keys. The most obvious example being for
shorter-lived certificates (e.g. 90 days), which allow you to rotate the
key in case of compromise, but otherwise don't require you to do so.

Considering revocation information is no longer required to be provided
once a certificate expires, it _also_ means that in the CA Foo case, with
Key X compromised, the subscriber could get another cert for it once the
original cert has expired (and thus revocation information no longer able
to be provided)

What you described is a case where it's not harmful to reuse a key, not a
case in which it's a good reason to. Indeed defaulting to rotating your key
on every new certificate is probably the safest choice, as it ensures that
"key compromise" is no different from any other rotation, and keeps that
hinge well oiled.

His scenario did include "Key X compromised".
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy