Your message dated Fri, 30 May 2025 00:02:45 +0000
with message-id
<caeri_ie6b-fahb2ofhwq_olmhldqnwnafoq0xff3b3wjuy+...@mail.gmail.com>
and subject line Re: Certbot should reuse existing key pair when available
has caused the Debian Bug report #1093139,
regarding Certbot should reuse existing key pair when available
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1093139: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093139
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: certbot
Version: 2.1.0-4
Tags: bookworm
Let's Encrypt is switching to short-lived certificates in an attempt
to manage revocations more efficiently.[0,1] The thinking is, by
ensuring the certificate expires quickly, relying parties will have
less reliance on revocations lists in case a CA is compromised.
The problem is practice is, certbot generates a new key pair by
default when renewing a certificate. The new key pair breaks
continuity schemes. Continuity schemes, like public key pinning, are a
better security property than gratuitous key rotation. Pinning a
public key means relying parties no longer need to rely on trust.
("Trust" is what to use when there are no security controls to place,
like public key pinning).
This problem has always existed, but it seems like it is going to
become more acute based on a 6-day lifetime. Asking users who practice
pinning to update their pinsets every 6 days is excessive. It creates
an undue burden on those folks who want the higher assurances provided
by pinning. The issue has been raised with folks on Mozilla's
dev-security-policy mailing list.[2,3]
And according to discussions on Mozilla's dev-security-policy mailing
list, CAs maintain a blacklist of compromised keys. Additionally, a
public database of compromised key pairs is available.[4,5] In both
cases, CAs can refuse to issue a certificate based on a known
compromised key.
Please consider adding the `reuse-key = True` option to certobt's ini
file to promote key continuity. Or, in case certbot is being invoked
via the command line, then use the `--reuse-key` option to promote key
continuity.
[0] A Note from our Executive Director,
<https://letsencrypt.org/2024/12/11/eoy-letter-2024/>
[1] Short-Lived Certificates Coming to Let’s Encrypt,
<https://www.schneier.com/blog/archives/2024/12/short-lived-certificates-coming-to-lets-encrypt.html>
[2] Concerns about very-short-lived certificates,
<https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/_335unOyteQ/m/3lddQBXgBAAJ>
[3] Let's Encrypt New Intermediate Certificates,
<https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/L7XoAXt_s1c/m/k_vdk9rQAwAJ>
[4] The Pwnedkeys Revokinator is back!,
<https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/Ktb2knJUQ20/m/IbUkTLBFBwAJ>
[5] Certificate with compromised key / *.digicert-demo.com,
<https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/d21mtDJ7YXQ/m/YF2of9RwDAAJ>
--- End Message ---
--- Begin Message ---
tag 1093139 +wontfix
thanks
On Wed, 15 Jan 2025 09:50:20 -0500 Jeffrey Walton <[email protected]>
wrote:
> The problem is practice is, certbot generates a new key pair by
> default when renewing a certificate. The new key pair breaks
> continuity schemes. Continuity schemes, like public key pinning, are a
> better security property than gratuitous key rotation. Pinning a
> public key means relying parties no longer need to rely on trust.
> ("Trust" is what to use when there are no security controls to place,
> like public key pinning).
Hi there,
Thank you for your detailed report! Unfortunately, this isn't a change I'm
willing to integrate. HPKP and similar certificate pinning schemes are
considered ever more deprecated, with HPKP having been removed from many
browsers years ago. For most users, key rotation is the right thing to do
-- and for those that know their specific circumstance means the balance
weighs in favor of pinning, adding the extra parameter is easily done.
The defaults for certbot are considered the right thing... on average.
They, by no means, are the solution for everyone. Administrators can, and
should, make changes that are necessary to keep their local installations
the way they want them.
Sincerely,
--
Harlan Lieberman-Berg
~hlieberman
--- End Message ---
