On Thu, Aug 1, 2013 at 12:30 PM, Chris Palmer <[email protected]> wrote:

> On Mon, Jul 29, 2013 at 9:13 AM, Phillip Hallam-Baker <[email protected]>
> wrote:
>
> > If we have a diginotar type situation again (FSM forefend), we want the pins
> > to a root to be broken at the same time the root is unloaded, yes?
>
> If the root of a site's cert chain --- really, any signer --- is
> blacklisted or even just removed from the trust anchor store, pins and
> Pin Validation are irrelevant since the chain won't validate. Pin
> Validation happens only *after* all other certificate chain checks are
> performed.


My point is that the people who were customers of Diginotar had to get new
certs quickly. The Dutch government has complained in several forums about
the way in which the Diginotar root was revoked. They had an entire
national port unable to function as a result.

If the root is revoked, the pins have to become inoperable and allow a user
to get a cert from any vendor.


Continuity of business is an issue here.


-- 
Website: http://hallambaker.com/
_______________________________________________
websec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/websec
