On 09/04/11 18:05, Adam Barth wrote:
In addition to thinking about orderly transitions to new certificates (as you mention), there's also the case of disorderly transitions. For example, what happens if the site's private key gets compromised and it wishes to move to a new certificate before it planned.
This is why it seems to me that certificate attribute locking, as opposed to particular certificate locking, has to be the way to go.
The entire point of PKI, as opposed to models like SSH/TOFU, is that it's not the particular certificate which matters, but the chain to the point of trust. The aim of "locking" is to segment the trust landscape so that a site can say "do not trust all X hundred CAs for my site, trust only this one, or these two". They can then insulate themselves from the possibility of a compromise elsewhere.
Pinning a particular certificate seems to meet this goal only imperfectly. Gerv _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security
