oss-sec mailing list archives
Re: Certificate pinning and the browser PKI
From: Daniel Kahn Gillmor <dkg () fifthhorseman net>
Date: Sat, 07 Mar 2015 09:49:58 -0800
On Thu 2015-03-05 13:43:46 +0100, Florian Weimer wrote:
> So for the browser PKI case, it may make sense to pin the server public key instead (n and e), not the entire certificate. During regular rollover, you can keep the public key, and you can have a pre-pinned offline copy for emergency rollovers.
Yes, this is the right approach. In the HTTPS context, HPKP actually pins public keys, and not certificates.

You can even pin the EE's public key and multiple backup offline public keys, so that in the event of a compromise of your EE's primary key, you can promote one of the backups to active use, generate a new backup, and still have other backups that can be considered valid even by clients that still only know of the old keys. Planning this way lets you sustain multiple rollover events over the lifetime of the PKP directive without locking out infrequent visitors.

--dkg
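The scheme dkg describes, as an added example that is not part of the thread: pins are computed over the DER SubjectPublicKeyInfo (so over n and e for RSA, as RFC 7469 specifies), the Public-Key-Pins header carries the active key plus offline backups, and a site that promotes one backup and mints another on each emergency rollover stays reachable for a visitor who cached the original pins and never returned. The "keys" are constructed random integers with e=65537, not real RSA moduli (the pin hash does not care), the served chain contains only the EE SPKI, and the `PinnedSite` class and its rollover policy are this example's own, not anything from HPKP or the thread. Standard library only, so it runs offline.

```python
"""Added example (not from the thread): HPKP-style SPKI pinning with backup
keys, showing why pinning the key (n and e) rather than the certificate lets
a site survive several emergency rollovers. Keys below are constructed
random integers standing in for RSA moduli; the pin hash does not care."""
import base64
import hashlib
import secrets

# rsaEncryption, 1.2.840.113549.1.1.1 (RFC 3279), pre-encoded OID body
RSA_ENCRYPTION_OID = bytes.fromhex("2a864886f70d010101")


def der_len(n: int) -> bytes:
    """DER length: short form below 128, else 0x80|count followed by big-endian length."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def der_int(v: int) -> bytes:
    """DER INTEGER for a non-negative value (leading 0x00 when the top bit is set)."""
    return der_tlv(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big"))


def rsa_spki_der(n: int, e: int) -> bytes:
    """SubjectPublicKeyInfo for an RSA key: this is what RFC 7469 hashes for pin-sha256."""
    alg_id = der_tlv(0x30, der_tlv(0x06, RSA_ENCRYPTION_OID) + b"\x05\x00")  # OID + NULL params
    rsa_pub = der_tlv(0x30, der_int(n) + der_int(e))                          # RSAPublicKey
    return der_tlv(0x30, alg_id + der_tlv(0x03, b"\x00" + rsa_pub))           # BIT STRING, 0 unused bits


def pin_sha256(spki_der: bytes) -> str:
    """HPKP pin value: base64 of SHA-256 over the DER SPKI."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def hpkp_header(pins, max_age: int, include_subdomains: bool = False) -> str:
    parts = [f'pin-sha256="{p}"' for p in pins] + [f"max-age={max_age}"]
    if include_subdomains:
        parts.append("includeSubDomains")
    return "Public-Key-Pins: " + "; ".join(parts)


def directive_is_valid(pins, served_chain) -> bool:
    """RFC 7469 section 2.5: a UA ignores the header unless it carries a backup pin,
    i.e. one that matches no SPKI in the chain being served. Two distinct pins
    overall is the minimum for a policy that can ever roll over."""
    chain_pins = {pin_sha256(spki) for spki in served_chain}
    return len(set(pins)) >= 2 and any(p not in chain_pins for p in pins)


def client_accepts(cached_pins, served_chain) -> bool:
    """Pin validation: at least one SPKI in the served chain must match a cached pin."""
    return any(pin_sha256(spki) in cached_pins for spki in served_chain)


def new_key():
    # Constructed stand-in for an RSA public key: a random 2048-bit odd integer and e=65537.
    # Not a real modulus; only its SPKI encoding matters for the pin.
    return secrets.randbits(2048) | (1 << 2047) | 1, 65537


class PinnedSite:
    """A site with one active EE key and a queue of offline backup keys (example policy)."""

    def __init__(self, n_backups: int = 2):
        self.active = new_key()
        self.backups = [new_key() for _ in range(n_backups)]

    def pins(self):
        return [pin_sha256(rsa_spki_der(n, e)) for n, e in [self.active, *self.backups]]

    def chain(self):
        # Only the EE SPKI is served here; intermediates are omitted for brevity.
        return [rsa_spki_der(*self.active)]

    def emergency_rollover(self):
        """Key compromise: promote the oldest backup, mint a fresh backup, re-issue pins."""
        self.active = self.backups.pop(0)
        self.backups.append(new_key())


def rollover_survival(n_backups: int = 2, rollovers: int = 3):
    """Does a visitor who cached the pins once and never refreshed still connect?"""
    site = PinnedSite(n_backups)
    stale_pins = set(site.pins())
    outcome = [client_accepts(stale_pins, site.chain())]
    for _ in range(rollovers):
        site.emergency_rollover()
        outcome.append(client_accepts(stale_pins, site.chain()))
    return outcome


if __name__ == "__main__":
    site = PinnedSite()
    print(hpkp_header(site.pins(), max_age=5184000))
    print("directive valid:", directive_is_valid(site.pins(), site.chain()))
    print("stale client survives rollovers:", rollover_survival(2, 3))
```

With two backups the stale client survives two emergency rollovers and is locked out on the third, which is the budget dkg is describing: the number of offline backup pins bounds how many rollovers an infrequent visitor can miss within max-age. Browsers have since dropped HPKP support, but the same SPKI-hash-plus-backup-pin arithmetic applies to pin sets shipped in mobile and desktop TLS clients.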
Current thread:
- Certificate pinning and the browser PKI Florian Weimer (Mar 05)
- Re: Certificate pinning and the browser PKI Martin Hecht (Mar 05)
- Re: Certificate pinning and the browser PKI Daniel Kahn Gillmor (Mar 07)