[tech] signing when rotating (Was: Re: Enhancing TOFU)
mbays at sdf.org
Tue Mar 9 21:02:41 GMT 2021
* Friday, 2021-03-05 at 19:14 +0100 - mbays at sdf.org <mbays at sdf.org>:
>* Friday, 2021-03-05 at 13:33 +0100 - nothien at uber.space <nothien at uber.space>:
>>I think that people find TOFU controversial because it [...]
>>prevents servers from ever being able to change certificates.
>I think we can solve this neatly by using certificate chains.
I experimented a bit more with this, and discovered that chains can be
awkward. Not all servers support sending a certificate chain, TLS
libraries may complain if the root cert isn't set as a CA, and we lose
the efficiency savings of only transmitting a single cert.
But there's a much simpler version which avoids chains.
If your server is currently using certificate A and you want to switch
to a new certificate:
* create a new self-signed certificate C with key K,
* sign it with A to produce a signed certificate S
  (e.g. using openssl x509 -CA A.crt ...),
* tell your server to use S and K.
The signature on a self-signed certificate is worthless, so we lose
nothing by replacing it with a signature from the old certificate in
Clients can check for this as follows:
* When TOFU-trusting a certificate for a host, save its pubkey.
* If later a new cert is provided for the host, check if it was
correctly signed by the pubkey of the old certificate.
* If so, accept the new certificate and delete the old one. Arguably
there should be a warning if the old certificate had expired.
I experimented a bit with this, and the only small complication I ran
into is that TLS libraries may complain if the Distinguished Names of
the two certificates are identical (at least, the Haskell tls library
I tested with does). But it isn't hard to include a field in the DN of
the new certificate to make it unique.
So why don't we make this a convention? Any subtleties I'm missing?
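Both halves of the scheme above, the server-side re-signing of C with A and the client-side check against the stored pubkey, as an added example using Python's `cryptography` package (not code from the post or from any Gemini project). The host name, dates and the distinct CN for the new certificate are constructed; the new CN differs from the old one because identical subject and issuer would make S look self-signed, which is the DN complication mentioned above.

```python
import datetime as dt
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric import ed25519

NOW = dt.datetime(2021, 3, 9)          # constructed "current time" for the example
DAY = dt.timedelta(days=1)


def self_signed(common_name, not_before, days=365):
    """Make a fresh Ed25519 key and a self-signed certificate for it (A or C)."""
    key = ed25519.Ed25519PrivateKey.generate()
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(not_before)
            .not_valid_after(not_before + days * DAY)
            .sign(key, None))                      # Ed25519 takes no hash argument
    return key, cert


def cross_sign(new_cert, old_key, old_cert):
    """Server side: re-issue C's fields as S, signed by the old key A.
    This is what `openssl x509 -CA A.crt -CAkey A.key -in C.crt` does."""
    return (x509.CertificateBuilder()
            .subject_name(new_cert.subject)
            .issuer_name(old_cert.subject)         # issuer is A, so S is not self-signed
            .public_key(new_cert.public_key())
            .serial_number(new_cert.serial_number)
            .not_valid_before(new_cert.not_valid_before)
            .not_valid_after(new_cert.not_valid_after)
            .sign(old_key, None))


def check_rotation(trusted_pub, trusted_expiry, presented, now=NOW):
    """Client side: the TOFU store holds the old pubkey (and its expiry).
    Accept the presented cert only if it is signed by that stored key;
    returns (accepted, warning)."""
    try:
        trusted_pub.verify(presented.signature, presented.tbs_certificate_bytes)
    except InvalidSignature:
        return False, "not signed by the previously trusted key"
    warning = "old certificate had already expired" if now > trusted_expiry else None
    return True, warning
```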