Security by asking the drunk whether he's drunk

Ben Laurie benl at
Tue Dec 30 01:57:09 EST 2008

On Tue, Dec 30, 2008 at 4:25 AM, Peter Gutmann
<pgut001 at> wrote:
> Ben Laurie <benl at> writes:
>>what happens when the cert rolls? If the key also changes (which would seem
>>to me to be good practice), then the site looks suspect for a while.
> I'm not aware of any absolute figures for this but there's a lot of anecdotal
> evidence that many cert renewals just re-certify the same key year in, year
> out (there was even a lawsuit over the definition of the term "renewal" in
> certificates a few years ago).  So you could in theory handle this by making a
> statement about the key rather than the whole cert it's in.  OTOH this then
> requires the crawler to dig down into the data structure (SSH, X.509,
> whatever) to pick out the bits corresponding to the key.

Not really a serious difficulty.

> Other alternatives
> are to use a key-rollover mechanism that signs the new key with old one
> (something that I've proposed for SSH, since their key-continuity model kinda
> breaks at that point), and all the other crypto rube-goldbergisms you can
> dream up.

Yeah, that's pretty much the answer I came up with - another option
would be to use both the old and new certs for a while.

But signing the new with the old seems easiest to implement - the
signature can go in an X509v3 extension, which means CAs can sign it
without understanding it, and only Google has to be able to verify it,
so all that needs to change is CSR generating s/w...

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list