[Tech] [Spec] TOFU or not TOFU?

Björn Wärmedal bjorn.warmedal at gmail.com
Thu Dec 24 21:19:33 GMT 2020

Previous message (by thread): [Tech] [Spec] TOFU or not TOFU?
Next message (by thread): [Tech] [Spec] TOFU or not TOFU?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I’ve said this before, and I feel more and more confident in this position:
Expiry dates in general and CA issued certs in particular really do not mix well with TOFU. When a cert expires a window for MitMA is opened. When this happens every 30-60 days it becomes quite ridiculous. An SSH hostkey has no expiration date; neither should certificates in geminispace (or at the very least we shouldn’t care about it).

I even go further and claim that neither Common Name nor Subject Alternative Names matter either. With a self-signed certificate these are as easily forged as any other fields.

I know a lot of people disagree with me here, but I have yet to see an argument that can convince me that CN, SAN, not-valid-before or not-valid-after have any bearing on the security of the certificate or give me as a user any information that helps me make a safe decision. All of these fields are crucial in a CA validation scheme, but only add a false sense of security in TOFU.

As for the specific question: a crawler has no way to make useful decisions about the security of the certificate. It should just not try.

Cheers,
ew0k

(Also: 🎅🏻🎄 Ho ho ho! Merry Christmas, everyone!)

Previous message (by thread): [Tech] [Spec] TOFU or not TOFU?
Next message (by thread): [Tech] [Spec] TOFU or not TOFU?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Gemini mailing list