Updated recommendations regarding TOFU & TLS

Drew DeVault sir at cmpwn.com
Fri Mar 5 12:46:49 GMT 2021

On 2021-03-05, Philip Linde wrote:
> What is the motivation for ignoring CN?

What is the motivation for using it? In a TOFU system the only real
information that matters is the public key.

> The client (according to the procedure you describe in your article)
> will find the old cert in known_hosts in step 2., see that the served
> certificate differs and consider the new certificate UNTRUSTED. That is
> true regardless of whether you immediately replace the certificate or
> wait until the old one has expired, unless the client *doesn't* ignore
> notBefore/notAfter and uses those dates to vacuum known_hosts to remove
> expired certificates automatically (which is impossible given the store
> format you currently recommend).

The format I previously recommended stored the expiration date, and
other clients might as well. Waiting to rotate is the most conservative
choice which maximizes your compatibility with the most clients
regardless of their adherence to these best practices.

> Agreed. I think your article is a good starting point, but consider my
> criticism above.

I think your criticism only applies in a transitive sense, while the
community is moving from one procedure to another, and should have
little influence on any kind of proposed standard or guidelines.
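
The client behaviour debated in this thread, as an added example that is not part of the original message or taken from any client: a TOFU check that pins only the public key and uses a stored expiration date to accept a new key once the pinned certificate has expired. The store layout (host mapped to fingerprint and notAfter), the function names and the SHA-256 hash over the key bytes are assumptions made for illustration.

```python
import hashlib
from datetime import datetime, timezone

FIRST_USE, TRUSTED, ROTATED, UNTRUSTED = "first-use", "trusted", "rotated", "untrusted"

def fingerprint(public_key_der: bytes) -> str:
    """Pin the public key only; CN and other certificate fields are ignored."""
    return hashlib.sha256(public_key_der).hexdigest()

def check_host(store, host, public_key_der, not_after, now):
    """Decide trust for `host`; `store` maps host -> (fingerprint, notAfter)."""
    fp = fingerprint(public_key_der)
    entry = store.get(host)
    if entry is None:
        # Never seen before: trust on first use and pin the key.
        store[host] = (fp, not_after)
        return FIRST_USE
    pinned_fp, pinned_expiry = entry
    if pinned_fp == fp:
        # Same key, possibly a renewed certificate: refresh the stored expiry.
        store[host] = (fp, not_after)
        return TRUSTED
    if now > pinned_expiry:
        # The pinned certificate has expired, so a new key is accepted and pinned.
        # This is the case that only works when the store keeps the expiry date.
        store[host] = (fp, not_after)
        return ROTATED
    # Different key while the pinned certificate is still valid: the store is
    # left unchanged so the original pin survives.
    return UNTRUSTED

def demo():
    """Run the scenarios from the thread on constructed keys and dates."""
    year = lambda y: datetime(y, 1, 1, tzinfo=timezone.utc)
    old_key, new_key = b"constructed-old-key", b"constructed-new-key"
    host, store = "example.org", {}
    return [
        check_host(store, host, old_key, year(2022), year(2021)),  # first visit
        check_host(store, host, old_key, year(2022), year(2021)),  # same key again
        check_host(store, host, new_key, year(2023), year(2021)),  # rotated too early
        check_host(store, host, new_key, year(2024), year(2023)),  # rotated after expiry
    ]

if __name__ == "__main__":
    print(demo())
```

A store that keeps only the fingerprint cannot reach the `ROTATED` branch, so every key change is reported as `UNTRUSTED` no matter when the server rotates.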

