oss-sec mailing list archives

Re: Certificate pinning and the browser PKI

From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Sat, 07 Mar 2015 09:49:58 -0800

On Thu 2015-03-05 13:43:46 +0100, Florian Weimer wrote:

So for the browser PKI case, it may make sense to pin the server public
key instead (n *and *e), not the entire certificate.  During regular
rollover, you can keep the public key, and you can have a pre-pinned
offline copy for emergency rollovers.


yes, this is the right approach.  in the HTTPS context, HPKP actually
pins public keys, and not certificates.  You can even pin the EE's
public key and multiple backup offline public keys, so that in the event
of a compromise of your EE's primary key, you can promote one of the
backups to active use, generate a new backup, and still have other
backups that can be considered valid even by clients that still only
know of the old keys.  Planning this way lets you sustain multiple
rollover events over the lifetime of the PKP directive without locking
out infrequent visitors.

     --dkg

Current thread:

Certificate pinning and the browser PKI Florian Weimer (Mar 05)
- Re: Certificate pinning and the browser PKI Martin Hecht (Mar 05)
- Re: Certificate pinning and the browser PKI Daniel Kahn Gillmor (Mar 07)