[tech] signing when rotating (Was: Re: Enhancing TOFU)
jon at dorsal.tk
Sat Mar 20 21:04:50 GMT 2021
Certificate rotation and management without downtime is a hard problem to get correct in the general sense, and is basically why layered PKI exists at all, so that leaf nodes can change more often than intermediates more often than roots. The easiest way to avoid this problem is to not expose your capsule to the Internet until you've got a real certificate for it, from Let's Encrypt or similar.
Sent with ProtonMail Secure Email.
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Wednesday, March 10, 2021 10:21 AM, mbays <mbays at sdf.org> wrote:
> - Wednesday, 2021-03-10 at 07:50 +0100 - nothien at uber.space nothien at uber.space:
> > mbays mbays at sdf.org wrote:
> > > - sign it with A to produce a signed certificate S,
> > >
> > > So why don't we make this a convention? Any subtleties I'm missing?
> > The big issue with this is, what if a client misses a certificate
> > update?
> Yes, this isn't a perfect robust system, and doesn't make sense if you want to rotate certificates frequently. But I'm imagining that rotating would be something you do only very rarely.
> Why would you want to rotate out your current keypair?
> - Advances in cryptography mean you want to switch to a new algorithm.
> - You fear the key might have been compromised.
> - You want to add a wildcard in the CN, e.g. x.y.z -> *.y.z.
> - The certificate is about to expire.
> - Other exceptional circumstances I haven't thought of.
> As long as you set distant expiration dates, it seems reasonable to expect at least a few years between any of these applying. So just having each certificate sign the next seems like it would deal with most situations, and adds no new protocol complexity or traffic costs.
More information about the Gemini