On 15/08/13 13:22 PM, Mikko Rantalainen wrote:
On Thursday, 15 August 2013 12:23:18 UTC+3, Gervase Markham wrote:
On 14/08/13 07:09, Mikko Rantalainen wrote:
I'd say that such a bookmark would be highly probably safe, if that
bookmark did include fingerprint for the site public key (*not CA key
fingerprint*) and the browser did verify the fingerprint before
entering the site.
Except that the bookmark would break with a scary warning whenever the
site changed its key - i.e. once every two years.
No. The site's public key does not need to be changed to request a new
certificate. CA signed certificate is technically a digital signature saying
that given public key signature belongs to a site.
Right. The CA is the authority. Only the authority's changed view
needs to be communicated. So if the CA hasn't changed its view, and a
new certificate turns up (with or without a new key) then the authority
is still stating the same thing: this domain is secured by this key.
(However, the browser declines to show the authority's view, instead
showing a 'derivative' view that is really the browser vendor's view.
Or, the browser is the authority, in which case, Mozilla is the CA.
Pick your model... Either way, these things have all been coded up, got
working, etc. Accept no excuses.)
... You can create a new signature without changing the public key. The only
reason CAs need to renew the signatures in the first place is that they sign
for limited time for monetary purposes. (Officially CAs claim that the time
limit is for security purposes but why allow 2 year certs if time limit
increases security? Why not issue a new signature every day and be done with
broken revocation lists?)
You'll upset people if you start talking like that :)
iang
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
