In WebPKI, "key continuity" has resulted in numerous outages, some of which are effectively non-recoverable. Overall, we have learned that the global and distributed nature of WebPKI demands agility.
Ryan On Wed, Dec 6, 2023 at 5:27 AM Peter Gutmann <[email protected]> wrote: > Filippo Valsorda <[email protected]> writes: > > >I am not sure what you mean by key continuity being adopted for PKI use > > I meant the use of certificate pinning, so trusting the known-good cert > you've > seen before and, like SSH when a key changes, triggering an alert if it > changes. > > Peter. > > -- > You received this message because you are subscribed to the Google Groups " > [email protected]" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To view this discussion on the web visit > https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/SY4PR01MB6251D5B575FFD8981ACC72A6EE84A%40SY4PR01MB6251.ausprd01.prod.outlook.com > . > -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/CALVZKwbO4qieycr1taAVes_4iP4XvVrkA-Bt-LcYEOk7FRH0Mw%40mail.gmail.com.
