Thoughts on TOFU
solderpunk
solderpunk at SDF.ORG
Sat Jun 13 07:20:17 BST 2020
On Sat, Jun 13, 2020 at 12:41:44AM +0200, Felix Queißner wrote:
> My proposal for both server certificates is the following:
> An endpoint stores the public key of the server's certificate as well as
> the host name. As long as this host continues to use the same identity
> (pub+privkey), it will be trusted. Certificates that aren't refreshed
> will error to the client, having another pubkey presented will error
> "harder" (as in: this is a possible MITM attack)

I'm not sure this makes sense: if you expect me to believe that you will
keep your private key secure from compromise for N days/months/years,
then why not just send me a certificate which doesn't expire for N
days/months/years?

But I could be jumping the gun on that. I haven't had any coffee yet
and there are a host of other reasons that certificates expire beyond
concerns about key compromise. Some of them don't really transfer from
CA-land to self-signed TOFU land. But some may...in which case some
kind of "long keys, short certs" model might indeed make sense.

Cheers,
Solderpunk
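
The key-pinning check proposed in the quoted message, as an added example that is not part of the original thread or of any Gemini client: the pinned public key is compared before the dates, so a renewed certificate on the same key pair is accepted, a stale certificate gives the soft error, and a different key gives the hard one. `PinStore`, `Verdict` and the key byte strings are hypothetical and constructed, and refusing to pin an expired certificate on first contact is an assumption.

```python
import hashlib
from datetime import datetime, timezone
from enum import Enum

class Verdict(Enum):
    FIRST_USE = "no pin yet: key stored"
    TRUSTED = "pinned key, certificate in date"
    EXPIRED = "pinned key, certificate not refreshed"  # soft error
    KEY_CHANGED = "different key: possible MITM"       # hard error

def fingerprint(pubkey_bytes):
    # A real client would hash the DER SubjectPublicKeyInfo from the handshake.
    return hashlib.sha256(pubkey_bytes).hexdigest()

class PinStore:
    """Hypothetical in-memory store mapping host name -> public key fingerprint."""
    def __init__(self):
        self.pins = {}

    def check(self, host, pubkey_bytes, not_after, now):
        host = host.lower()
        fp = fingerprint(pubkey_bytes)
        pinned = self.pins.get(host)
        # Compare keys before dates so expiry never masks a key change.
        if pinned is not None and pinned != fp:
            return Verdict.KEY_CHANGED          # pin is left untouched
        if now > not_after:
            return Verdict.EXPIRED              # assumption: also blocks first-use pinning
        if pinned is None:
            self.pins[host] = fp
            return Verdict.FIRST_USE
        return Verdict.TRUSTED

# Constructed stand-ins for two servers' public key bytes.
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"

def demo():
    utc = timezone.utc
    now = datetime(2020, 6, 13, tzinfo=utc)
    store = PinStore()
    return [
        store.check("example.org", KEY_A, datetime(2020, 9, 1, tzinfo=utc), now),
        # Renewed certificate, same key pair: accepted without a new prompt.
        store.check("example.org", KEY_A, datetime(2021, 6, 1, tzinfo=utc), now),
        store.check("example.org", KEY_A, datetime(2020, 6, 1, tzinfo=utc), now),
        store.check("example.org", KEY_B, datetime(2021, 6, 1, tzinfo=utc), now),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict.name, "-", verdict.value)
```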