2023-12-06 02:56 GMT+01:00 Peter Gutmann <[email protected]>: > 'Aaron Gable' via [email protected] > <[email protected]> writes: > > >This is contrary to the current industry consensus. > > Just doing a sanity check here, key continuity has been a core feature of SSH > security for close to thirty years, and was finally adopted for PKI use as > well after a string of highly-public CA failures. Are you saying that the > consensus among all? most? CAs is that actively breaking key continuity/ > pinning is a good idea, or is this just a Let's Encrypt thing? Just trying to > get an idea of how widespread this is.
Not answering for Aaron, but I can confirm as a relying party that my understanding of the WebPKI industry consensus is that the benefits of key and certificate agility in this PKI outweigh those of key continuity. I commend Let's Encrypt for taking the support load hit to move the client tooling ecosystem forward, as they have been always doing. The comparison to SSH does not sound apt, as a TOFU model is fundamentally different from one where clients have regularly updated trusted root anchors. I am not sure what you mean by key continuity being adopted for PKI use, given the demise of HPKE now five years ago, but I'll point out that SSH supports certificates which are deployed regularly by large enterprises in a way that allows key flexibility. -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/16130364-da01-4dc0-b2a1-4770d9923046%40app.fastmail.com.
