On 12/02/2016 12:47 AM, Terje Elde wrote:
On 30 Nov 2016, at 22:51, Gunnar Haslinger <[email protected]> wrote:
when pinning your certificates you can include one whose
coresponding key is not on the machine but acts as the backup key, maybe
even offline.
Not "can", its not an option it is mandatory!
The browsers will NOT accept HPKP pinning if you don't add an currently unused
backup key.
Just a quick reminder:
It can be a backup key that you have, but it can also be that of another CA.
Or completely random. Bad idea, but the browsers would accept it.
On another note;
In general, when comparing and contrasting the CA-system, DANE/DNSSEC and HPKP,
let’s also keep the following in mind;
HPKP allows me to lock users into my keys. It gives me control over which keys
the users will trust for my domains, and the services I’m trying to securely
provide them with.
Neither the CA-system nor DANE/DNSSEC really does that, not in a generic and
“always" accessible way.
DNSSEC locks the user into fingerprints signed by my private signing
key. This is not a signing key that the TLD has access to.
You can argue that a nefarious actor could create their own signing key
and get the TLD to sign the DS records associated with that key, but
that is a very visible action that would be seen in the DNS responses
from the TLD. It's out in the open.
_______________________________________________
Ach mailing list
[email protected]
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
