Removing expiry dates for TOFU
colecmac at protonmail.com
Tue Jul 7 04:29:37 BST 2020
> Servers can still rotate key pairs without introducing the attack vector of
> expiring the old ones [2].
> I just don't understand the advantage to
> key rotation + expiring the old keys vs. simple key rotation by itself.
Thanks for chiming in mozz!
How can a server rotate a keypair and prove it's still the same server
as before, that there's not an MITM attack going on? This is a genuine question,
I haven't heard much about key rotation for TLS before. Could you explain or
send a link on how this works? I can't find much on it.
Thanks,
makeworld
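One way to make the question concrete, as an added illustration that is not from this thread, from [2], or from any Gemini implementation: a TOFU client that stores no expiry dates and accepts a changed key only when the previously pinned key has signed the new key's fingerprint, so a key swap with no such continuity proof is refused. The one-time Lamport signature is a stand-in for whatever real signature scheme a server would use, and the host name and `connect` API are made up for the example.

```python
import hashlib, secrets

# Toy one-time (Lamport) signature on the standard library only; it stands in
# for a real signature scheme and is not what Gemini servers actually use.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(hashlib.sha256(a).digest(), hashlib.sha256(b).digest()) for a, b in sk]
    return sk, pk

def _bits(msg):
    d = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        hashlib.sha256(s).digest() == pk[i][b] for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def fingerprint(pk):
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()

class TofuClient:
    """Pins a host's public key on first use and never stores an expiry date."""
    def __init__(self):
        self.pins = {}  # host -> trusted public key
    def connect(self, host, pk, rotation_proof=None):
        """Return 'tofu', 'pinned', 'rotated' or 'reject' for the presented key."""
        if host not in self.pins:
            self.pins[host] = pk          # trust on first use
            return "tofu"
        if fingerprint(pk) == fingerprint(self.pins[host]):
            return "pinned"
        # Key changed: accept only if the previously pinned key signed the new fingerprint.
        if rotation_proof and verify(self.pins[host], fingerprint(pk).encode(), rotation_proof):
            self.pins[host] = pk
            return "rotated"
        return "reject"

def demo():
    client = TofuClient()
    sk1, pk1 = keygen()
    first = client.connect("example.test", pk1)             # hypothetical host
    sk2, pk2 = keygen()
    proof = sign(sk1, fingerprint(pk2).encode())            # old key vouches for new key
    rotated = client.connect("example.test", pk2, proof)
    _, pk_unknown = keygen()                                 # key with no continuity proof
    refused = client.connect("example.test", pk_unknown)
    return first, rotated, refused                           # ('tofu', 'rotated', 'reject')
```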