A mighty fortress is our PKI

Nicolas Williams Nicolas.Williams at oracle.com
Wed Jul 28 08:30:41 EDT 2010


On Tue, Jul 27, 2010 at 10:10:54PM -0600, Paul Tiemann wrote:
> I like the idea of SSL pinning, but could it be improved if statistics
> were kept long-term (how many times I've visited this site and how
> many times it's had certificate X, but today it has certificate Y from
> a different issuer and certificate X wasn't even near its expiration
> date...)

My preference would be for doing something like SCRAM (and other
SASL/GSS mechanisms) with channel binding (using tls-server-end-point CB
type).  It has the effect that the server can confirm that the
certificate seen by the client is the correct one -- whereas the server
cannot do that in the "SSL pinning" approach.  It'd have other major
benefits as well.

The problem is: there's no standard way to do this in web browser
applications.  Worse, there aren't even any prototypes.

I also like the Moonshot approach.

> Another thought: Maybe this has been thought of before, but what about
> emulating the Sender Policy Framework (SPF) for domains and PKI?
> Allow each domain to set a DNS TXT record that lists the allowed CA
> issuers for SSL certificates used on that domain.  (Crypto Policy
> Framework=CPF?)

Better yet: use DNSSEC and publish TLS EE certs in the DNS.

Nico
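
The check that channel binding gives the server, as an added example that is not part of the original message: a SCRAM-SHA-256 client-final message bound with tls-server-end-point, verified by a server that rejects a client which saw a different certificate. The byte strings standing in for DER certificates, the password, salt and nonces are constructed, and the certificate is assumed to be signed with SHA-256.

```python
import base64, hashlib, hmac

GS2_HEADER = b"p=tls-server-end-point,,"  # gs2 header from client-first (RFC 5802)

def tls_server_end_point(cert_der):
    # RFC 5929 binding data: hash of the server certificate (assumed SHA-256 here).
    return hashlib.sha256(cert_der).digest()

def _hmac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _binding_attr(cert_der):
    return b"c=" + base64.b64encode(GS2_HEADER + tls_server_end_point(cert_der))

def client_final(password, salt, iters, first_bare, server_first, seen_cert):
    # The client binds to the certificate it actually saw in its TLS handshake.
    without_proof = _binding_attr(seen_cert) + b"," + server_first.split(b",")[0]
    client_key = _hmac(hashlib.pbkdf2_hmac("sha256", password, salt, iters), b"Client Key")
    stored_key = hashlib.sha256(client_key).digest()
    sig = _hmac(stored_key, b",".join([first_bare, server_first, without_proof]))
    return without_proof + b",p=" + base64.b64encode(_xor(client_key, sig))

def server_verify(stored_key, first_bare, server_first, final_msg, own_cert):
    without_proof, proof = final_msg.rsplit(b",p=", 1)
    c_attr, nonce = without_proof.split(b",")[:2]
    if nonce != server_first.split(b",")[0]:
        return "bad nonce"
    if not hmac.compare_digest(c_attr, _binding_attr(own_cert)):
        return "certificate mismatch"  # client saw a different certificate
    sig = _hmac(stored_key, b",".join([first_bare, server_first, without_proof]))
    client_key = _xor(base64.b64decode(proof), sig)
    ok = hmac.compare_digest(hashlib.sha256(client_key).digest(), stored_key)
    return "ok" if ok else "bad proof"

def demo():
    # Constructed sample values; the byte strings stand in for DER certificates.
    real_cert, other_cert = b"constructed-DER-server-cert", b"constructed-DER-other-cert"
    password, salt, iters, first_bare = b"pencil", b"constructed-salt", 4096, b"n=user,r=cnonce"
    server_first = b"r=cnoncesnonce,s=" + base64.b64encode(salt) + b",i=4096"
    stored_key = hashlib.sha256(
        _hmac(hashlib.pbkdf2_hmac("sha256", password, salt, iters), b"Client Key")).digest()
    args = (password, salt, iters, first_bare, server_first)
    good, wrong = (client_final(*args, c) for c in (real_cert, other_cert))
    # Rewriting c= to the expected value in transit fails too: the proof covers it.
    patched = _binding_attr(real_cert) + wrong[wrong.index(b",r="):]
    return [server_verify(stored_key, first_bare, server_first, m, real_cert)
            for m in (good, wrong, patched)]
```
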