Security by asking the drunk whether he's drunk

[Peter Gutmann]

Ben Laurie <benl at google.com> writes:

>what happens when the cert rolls? If the key also changes (which would seem
>to me to be good practice), then the site looks suspect for a while.

I'm not aware of any absolute figures for this but there's a lot of anecdotal
evidence that many cert renewals just re-certify the same key year in, year
out (there was even a lawsuit over the definition of the term "renewal" in
certificates a few years ago).  So you could in theory handle this by making a
statement about the key rather than the whole cert it's in.  OTOH this then
requires the crawler to dig down into the data structure (SSH, X.509,
whatever) to pick out the bits corresponding to the key.  Other alternatives
are to use a key-rollover mechanism that signs the new key with old one
(something that I've proposed for SSH, since their key-continuity model kinda
breaks at that point), and all the other crypto rube-goldbergisms you can
dream up.

In any case though at the moment we have basically no assurance at all of
key/cert information so even a less-than-perfect mechanism like trusting
Google and having problems during cert rollover is way, way better than what
we've got now.  In any case if Google decides to go bad then redirecting
everyone's searches to www.drivebymalware.ru is a bigger worry than whether
they're sending out inaccurate Perspectives responses.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com