Re: [cryptopp-users] Website certificate renewal
On Tue, Jul 24, 2018 at 11:20 AM, Weikeng Chen wrote:
> Seems that recertifying the existing public key is kind of... non-standard
> practice?
>
> What would be the benefit of "key continuity"?

Key continuity has proven to be a more desirable security property than random key changes. Clients can pin a server's public key and obtain assurances without relying on third parties.

Certificate and public key pinning is the security control that revealed DigiNotar's compromise in 2011.

Public key pinning is a little easier in the mobile age because of short-lived certificates.

Also see Peter Gutmann's Engineering Security, https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf

Jeff

--
You received this message because you are subscribed to "Crypto++ Users". More information about Crypto++ and this group is available at http://www.cryptopp.com and http://groups.google.com/forum/#!forum/cryptopp-users.
---
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
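Added example, not part of the thread or of the Crypto++ project's code: a public key pin in the RFC 7469 style is the base64 SHA-256 of the certificate's SubjectPublicKeyInfo, so it stays valid when the same key is recertified by a different CA and changes only when the key changes. The certificates, CA names and host name below are constructed samples with a placeholder algorithm and signature; `pin`, `spki_pin` and the `sample_*` helpers are illustrative names.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, end) of the DER element that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def pin(spki_der):
    """Base64 of SHA-256 over a DER SubjectPublicKeyInfo: the value a client stores."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def spki_pin(cert_der):
    """Walk Certificate -> tbsCertificate -> subjectPublicKeyInfo and pin it."""
    _, pos, _ = read_tlv(cert_der, 0)             # Certificate SEQUENCE
    _, pos, tbs_end = read_tlv(cert_der, pos)     # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(cert_der, pos)
    pos = end if tag == 0xA0 else pos             # skip optional [0] version
    for _ in range(5):                            # serial, sigAlg, issuer, validity, subject
        pos = read_tlv(cert_der, pos)[2]
    tag, _, end = read_tlv(cert_der, pos)
    if tag != 0x30 or end > tbs_end:
        raise ValueError("subjectPublicKeyInfo not found")
    return pin(cert_der[pos:end])                 # hash covers the whole SPKI element

# Constructed sample data: certificate-shaped DER with placeholder algorithm and signature.
def tlv(tag, body):
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + body
ALG = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
def sample_spki(key_bytes):
    return tlv(0x30, ALG + tlv(0x03, b"\x00" + key_bytes))
def sample_cert(issuer, serial, spki):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x0C, cn))))
    validity = tlv(0x30, tlv(0x17, b"180724000000Z") * 2)
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial) + ALG + name(issuer)
              + validity + name(b"www.example.test") + spki)
    return tlv(0x30, tbs + ALG + tlv(0x03, bytes(33)))

SPKI = sample_spki(bytes(range(200)))                      # the key that is kept
OLD = sample_cert(b"Constructed CA A", b"\x01", SPKI)      # certificate before renewal
RENEWED = sample_cert(b"Constructed CA B", b"\x02", SPKI)  # new issuer, same key
REKEYED = sample_cert(b"Constructed CA B", b"\x03", sample_spki(bytes(range(1, 201))))
```

A client holding `spki_pin(OLD)` accepts `RENEWED` without any update and rejects `REKEYED`, which is the continuity property discussed in the message above.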
Re: [cryptopp-users] Website certificate renewal
Seems that recertifying the existing public key is kind of... non-standard practice?

What would be the benefit of "key continuity"?

On Tue, Jul 24, 2018 at 8:03 AM, Jeffrey Walton wrote:
> Hi Everyone,
>
> We got a renewal notice for the website's certificate. I was going to try
> Let's Encrypt and recertify the existing public key.
>
> The existing cert is from Comodo. We have to ping some folks out of band
> for the cert and I want to avoid troubling them.
>
> The existing public key has not been compromised (to the best of my
> knowledge) so I believe we can maintain key continuity.
>
> Does anyone have any objections?
>
> Jeff

--
Weikeng Chen @ 795 Soda Hall
[cryptopp-users] Website certificate renewal
Hi Everyone,

We got a renewal notice for the website's certificate. I was going to try Let's Encrypt and recertify the existing public key.

The existing cert is from Comodo. We have to ping some folks out of band for the cert and I want to avoid troubling them.

The existing public key has not been compromised (to the best of my knowledge) so I believe we can maintain key continuity.

Does anyone have any objections?

Jeff