Thanks for publishing this spec, Chrises!

On 09/12/2011 05:56 PM, Chris Palmer wrote:

> (Sites can pin to one or more public keys in end entity, subordinate
> CA, and/or root CA certificates, for flexibility and disaster
> recovery.)


I think more discussion about the relative consequences of pinning EE
vs. intermediate CA vs. root CA certs would be useful.

From my perspective, i see no advantage to pinning any of the CAs -- if
your EE is compromised, you're sunk.  And since the mechanism provides a
mechanism (and nice instructions, thanks) for transition to an emergency
offline backup EE key+cert, that is all handled well.

What advantage would a site gain from pinning to an intermediate or root
CA?  It seems that all this would do is expose the site operators to
(limited, thankfully) extortion from the CA in question.

The only situation where i can see it being useful is to ease deployment
in a situation where the operating organization operates their own CA.
If this is the only circumstance where it is advisable to pin a CA cert
instead of an EE cert, that should probably be added to the
documentation explicitly.

Or is there some other circumstance that it would be actually useful
that i'm missing?

        --dkg
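
The trade-off raised in this message, as an added example that is not part of the original post or of the spec: a pin check passes when any key in the validated chain matches a pinned key, so the choice of what to pin decides which later certificate changes still validate. The SHA-256 fingerprint, the function names and the placeholder byte strings standing in for DER SubjectPublicKeyInfo are all assumptions made for illustration.

```python
import hashlib

def spki_pin(spki: bytes) -> str:
    # Assumption: a pin is the SHA-256 digest of a certificate's SPKI bytes.
    return hashlib.sha256(spki).hexdigest()

def chain_satisfies_pins(chain_spkis, pins) -> bool:
    # chain_spkis: SPKI of every cert in the already-validated chain, EE first.
    return any(spki_pin(s) in pins for s in chain_spkis)

# Constructed placeholders, not real keys.
EE_LIVE = b"constructed-spki:site-live-key"
EE_BACKUP = b"constructed-spki:site-offline-backup-key"
EE_FRESH = b"constructed-spki:key-generated-after-pinning"
CA_A = [b"constructed-spki:ca-a-intermediate", b"constructed-spki:ca-a-root"]
CA_B = [b"constructed-spki:ca-b-intermediate", b"constructed-spki:ca-b-root"]

PIN_SETS = {
    # EE pinning with an offline backup key, as described in the message.
    "ee+backup": {spki_pin(EE_LIVE), spki_pin(EE_BACKUP)},
    # Pinning only the issuing intermediate of CA A.
    "ca-a-intermediate": {spki_pin(CA_A[0])},
}

CHAINS = {
    "live key, CA A": [EE_LIVE] + CA_A,
    "backup key, CA B": [EE_BACKUP] + CA_B,   # emergency move to another CA
    "fresh key, CA A": [EE_FRESH] + CA_A,     # any key CA A certifies
    "fresh key, CA B": [EE_FRESH] + CA_B,
}

def evaluate():
    # Map (pin set, chain) -> whether the pin check would pass.
    return {
        (p, c): chain_satisfies_pins(chain, pins)
        for p, pins in PIN_SETS.items()
        for c, chain in CHAINS.items()
    }

if __name__ == "__main__":
    for (p, c), ok in evaluate().items():
        print(f"{p:18} | {c:17} | {'pass' if ok else 'FAIL'}")
```

The EE pin set follows the site's own keys to any CA, while the CA pin set accepts every key that CA certifies and fails as soon as the site changes CA, which is the dependence on the CA that the message describes.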


_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
