Removing expiry dates for TOFU

Solderpunk solderpunk at posteo.net
Tue Jul 7 10:53:34 BST 2020


On Tue Jul 7, 2020 at 5:20 AM CEST, Michael Lazar wrote:

> Servers can still rotate key pairs without introducing the attack vector of
> expiring the old ones [2]. As soon as a client connects to a server and accepts
> the new keypair, any old certs should automatically become invalid to that
> client, because they're not the trusted "first-use" certificate anymore. It's
> not like a CA system where there can be multiple valid keypairs live at the
> same time. This is also true for transferring domain ownership.

You're right that TOFU clients should in general only have a single
actively trusted key on record for each server.

I guess I see the main utility of explicit expiration dates in this
context as being a kind of promise from the server admin that "I have no
plans to do a key rotation for about this length of time".  This means
that apparent MITM attacks happening at a time when there's a lot of
validity left can be treated with much higher suspicion.

> You would need some overlap in the validity periods to allow time to swap out
> the keys on the server.

Sure.

> Honestly though, this sounds like an obtuse way to avoid using a CA. Once you
> are employing certificate chains is it really self-signed anymore? Generate
> your own CA with a 100-year expiration and stick *that* on the USB drive.

Well, that's sort of what that idea is, at core: being your own CA.
TOFU clients treating certificates that they've trusted once as CAs
of very limited power (only able to sign future certs for that one
domain, and perhaps only good for a single signature) is an interesting
way to get from "trusting on blind faith every time a new cert comes down
the line" to "trusting on blind faith once at the very beginning and
then building up strong trust over time that you're always interacting
with the same party".  That second situation, if we can get there, is, I
would argue, good enough for Geminispace - and, arguably, a lot more
like how trust in the real world works.

Cheers,
Solderpunk
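
The following sketch is an added example, not part of the original message or of any Gemini client: it shows a TOFU pin store that keeps one trusted certificate per host and uses the pinned certificate's remaining validity to grade an unexpected change. The class and method names, the result labels and the 30-day grace window are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib

@dataclass
class Pin:
    fingerprint: str      # SHA-256 over the certificate's DER bytes
    not_after: datetime   # expiry date the admin put in that certificate

class TofuStore:
    """Keeps a single actively trusted certificate per host."""

    def __init__(self, grace=timedelta(days=30)):
        # grace (assumed value): window before expiry in which a
        # key rotation is expected rather than alarming
        self.pins = {}
        self.grace = grace

    def check(self, host, cert_der, not_after, now):
        fp = hashlib.sha256(cert_der).hexdigest()
        pin = self.pins.get(host)
        if pin is None:
            self.pins[host] = Pin(fp, not_after)   # blind trust, once
            return "trusted-first-use"
        if pin.fingerprint == fp:
            return "match"
        if now >= pin.not_after - self.grace:
            # The "no rotation planned" promise has nearly run out.
            return "rotation-plausible"
        # Plenty of validity left on the pinned cert: treat as likely MITM.
        return "suspicious-change"

    def accept(self, host, cert_der, not_after):
        """User accepted a new certificate; the old pin stops being trusted."""
        self.pins[host] = Pin(hashlib.sha256(cert_der).hexdigest(), not_after)

def demo():
    # Constructed sample data: byte strings stand in for DER certificates.
    utc = timezone.utc
    store = TofuStore()
    exp_a = datetime(2021, 7, 7, tzinfo=utc)
    early, late = datetime(2020, 7, 7, tzinfo=utc), datetime(2021, 6, 20, tzinfo=utc)
    results = [store.check("example.org", b"cert-A", exp_a, early),
               store.check("example.org", b"cert-B", exp_a, early),
               store.check("example.org", b"cert-B", exp_a, late)]
    store.accept("example.org", b"cert-B", datetime(2022, 7, 7, tzinfo=utc))
    results.append(store.check("example.org", b"cert-A", exp_a, late))
    return results
```
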


