[gnutls-devel] More hostname matching goodness
Jeffrey Walton
noloader at gmail.com
Mon Mar 24 21:36:45 CET 2014
On Mon, Mar 24, 2014 at 4:19 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
> On Mon, 2014-03-24 at 15:28 -0400, James Cloos wrote:
>
>> NM> with the intention to completely drop wildcard support at some point.
>> Wildcard support should remain indefinitely.
>> It is superior to listing every match in the cert. Having to churn
>> certs just because new hosts are added is riskier than using wildcards.
>
> I am not really sure about it. It does not make much sense to re-use
> the same key and certificate in a large number of hosts.
I can't speak for a lot of the use cases you probably encounter, but I
abandoned key rotation some time ago. Now I practice key continuity
and re-certify the same key from year to year (sans an event like a
key compromise). I do ue a different key for each service (www vs
mail, etc).
Key continuity appears to be a more desirable property. Key
re-certification helps a lot when security diversification techniques
are used, like public key pinning. Its also being practiced by folks
like Google. Google's certs expire every 30 days or so, while the same
public key is re-certifed.
Now we need a Public Key Patrol rather than a Cert Patrol. Cert Patrol
has become much too noisy because its looking for changes in the wrong
places.
> It pretty much
> ensures that if any of the hosts is compromised, all of them will.
I think they are the same problem in a shared hosting environment. If
a server get compromised, then it does not matter if the bad guy has
to egress 1 key or 1000 keys. The compromise occurred, and the keys
are leaving.
I also look at it like this: pre-SNI, there were super certs with
hundreds of domains under the same key. It does not matter if its one
key/cert/lots of domains or lots of keys/single certs/lots of domains.
Again, the private keys are leaving regardless of how they are bound
and presented.
If you are talking about a host with different services (www, mail,
openssh), then I don't see it being much different. Once the bad guy
gets in, the keys are probably going to leave with him or her.
Jeff
More information about the Gnutls-devel
mailing list