* Gunnar Haslinger <[email protected]> [16/03/2017 21:20:14] wrote:
> Regarding using Let's Encrypt with TLSA/DANE and HPKP:
>
> I wrote a short Blog-entry about using Let's Encrypt with CSRs - keeping
> the RSA-Keypair when renewing the certificate.
>
> Maybe somebody finds this helpful (in German):
> https://hitco.at/blog/lets-encrypt-csr/
>
> As keeping the RSA-Keypair when renewing Certificates is not
> best-practice security, probably this is *not* a chapter you would like
> me to add to the BetterCrypto-Guide?

Maybe I misunderstand, but why would you want to do that?
You can do a key-rollover just fine with HPKP headers and TLSA records.

Aaron
_______________________________________________
Ach mailing list
[email protected]
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
