TOFU, OK, but even with an expired certificate?
Björn Wärmedal
bjorn.warmedal at gmail.com
Mon Dec 7 06:48:04 GMT 2020
On Sun, 6 Dec 2020 at 18:25, <colecmac at protonmail.com> wrote:
>
> It is indeed expired and should be rejected, as you saw with gnutls and
> Amfora.

I disagree with makeworld on this.

The idea of expiration comes from the Certificate Authority scheme of
certificate validation. A certificate authority will not lend their
trust to someone indefinitely, because that would eventually lead to a
horrible mess of billions of rejected certificates. Instead they put a
time limit on their certificates to say that "if we haven't vouched
for this person/organisation in the last X months, just assume we no
longer do".

With a self-signed certificate the date is just a setting that the
certificate issuer can set arbitrarily, which means a middle-man
attacker can too. A valid date range doesn't in any way affect the
security of the certificate. The *only* valid question is "Do I trust
this?" which is somewhat of a catch 22. This is where TOFU comes in:
we assume that the certificate is correct the first time it's
presented to us, and subsequent checks are just a matter of "is this
the same certificate already presented to me for this host?"

Incidentally I wrote a gemlog post on the subject last night (after
the original mail in this thread was sent, but before I'd seen it --
my post had been in the brewing for a few days). Tell me if there's
anything that can be clarified in that post:
gemini://tilde.team/~ew0k/posts/certificate-security.gmi

Cheers,
ew0k
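
The TOFU check discussed in this message, as an added example (not code from the post or from any Gemini client): the pin decision depends only on the certificate fingerprint, and expiry handling is a separate policy switch so both positions in the thread can be compared. `TofuStore`, `reject_expired` and the sample byte strings are assumptions; the caller is assumed to supply the DER bytes and notAfter time obtained from its TLS library.

```python
import hashlib
from datetime import datetime, timezone


class TofuStore:
    """In-memory TOFU pin store keyed by (host, port). Hypothetical helper."""

    def __init__(self, reject_expired=False):
        self.pins = {}                        # (host, port) -> SHA-256 hex of DER cert
        self.reject_expired = reject_expired  # the policy debated in this thread

    def check(self, host, port, der_cert, not_after, now=None):
        """Return 'pinned', 'match', 'mismatch' or 'expired' for a presented cert."""
        now = now or datetime.now(timezone.utc)
        if self.reject_expired and not_after < now:
            return "expired"                  # strict policy: refuse before pinning
        fp = hashlib.sha256(der_cert).hexdigest()
        key = (host.lower(), port)
        pinned = self.pins.get(key)
        if pinned is None:
            self.pins[key] = fp               # first use: trust and remember
            return "pinned"
        # Later visits: the only question is "same certificate as before?"
        return "match" if pinned == fp else "mismatch"


def demo():
    # Constructed stand-ins for DER-encoded certificates (not real certificates).
    server_cert = b"constructed-der-bytes-for-example.org"
    other_cert = b"constructed-der-bytes-from-someone-else"
    now = datetime(2020, 12, 7, tzinfo=timezone.utc)
    past = datetime(2020, 11, 1, tzinfo=timezone.utc)    # notAfter already passed
    future = datetime(2030, 1, 1, tzinfo=timezone.utc)   # notAfter still ahead

    lenient = TofuStore(reject_expired=False)
    results = [
        lenient.check("example.org", 1965, server_cert, past, now),   # expired, first use
        lenient.check("example.org", 1965, server_cert, past, now),   # expired, same cert
        lenient.check("example.org", 1965, other_cert, future, now),  # valid dates, new cert
    ]
    strict = TofuStore(reject_expired=True)
    results.append(strict.check("example.org", 1965, server_cert, past, now))
    return results


if __name__ == "__main__":
    print(demo())
```

The third call is the case to watch in client logs: a certificate with a perfectly valid date range is still reported as a mismatch because it is not the one pinned for that host.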