I've no strong opinion for or against this. One question below though. On 05/04/17 17:07, Subodh Iyengar wrote: > The threat model here is that since if a less-trusted host having a > key is compromised for a certain period of time without detection, > and an attacker can steal private keys during that period. In many > situations we are fine with giving the TLS terminator a certificate / > key, i.e. they actually have a trust relationship, however we want a > compromise to only give the attacker a limited power to use the > credential. Revocation is arguably effective, so we would not be okay > with giving a less trusted host a long term private key. However we'd > be okay with giving a less-trusted host a short term key.
With that goal in mind, wouldn't it help mitigate the threat if the holder of the longer term credential (the cert subject) were to include within the signature e.g. an IP address range within which the delegated credential is allowed to be used? Cheers, S.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
