[gnutls-devel] More hostname matching goodness

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Mar 25 09:55:20 CET 2014


On Mon, Mar 24, 2014 at 9:36 PM, Jeffrey Walton <noloader at gmail.com> wrote:

>>> NM> with the intention to completely drop wildcard support at some point.
>>> Wildcard support should remain indefinitely.
>>> It is superior to listing every match in the cert.  Having to churn
>>> certs just because new hosts are added is riskier than using wildcards.
>> I am not really sure about it. It does not make much sense to re-use
>> the same key and certificate in a large number of hosts.
> I can't speak for a lot of the use cases you probably encounter, but I
> abandoned key rotation some time ago. Now I practice key continuity
> and re-certify the same key from year to year (sans an event like a
> key compromise). I do use a different key for each service (www vs
> mail, etc).
> Key continuity appears to be a more desirable property. Key
> re-certification helps a lot when security diversification techniques
> are used, like public key pinning. It's also being practiced by folks
> like Google. Google's certs expire every 30 days or so, while the same
> public key is re-certified.

Note that my comment is on re-using keys on a large number of hosts,
not on generating new keys on every certificate update. Key continuity
is a good thing and we try to take advantage of it by providing the
trust on first use API:
http://www.gnutls.org/manual/html_node/Verifying-a-certificate-using-trust-on-first-use-authentication.html

> Now we need a Public Key Patrol rather than a Cert Patrol. Cert Patrol
> has become much too noisy because it's looking for changes in the wrong
> places.

I certainly agree.

>> It pretty much
>> ensures that if any of the hosts is compromised, all of them will be.
> I think they are the same problem in a shared hosting environment. If
> a server gets compromised, then it does not matter if the bad guy has
> to egress 1 key or 1000 keys. The compromise occurred, and the keys
> are leaving.
> I also look at it like this: pre-SNI, there were super certs with
> hundreds of domains under the same key. It does not matter if it's one
> key/cert/lots of domains or lots of keys/single certs/lots of domains.
> Again, the private keys are leaving regardless of how they are bound
> and presented.

I find it is better to have individual certificates that share the
same private key, rather than allowing wildcard certificates (that
still share the same private key). In the latter case you have a
certificate for an unlimited number of hosts, while in the former,
just for the set you're interested in.

In any case, the plan to completely remove wildcards is in the
long run; it is not going to happen in the next release of gnutls.
Possibly the decision will be based on data of their actual usage.

regards,
Nikos
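
The difference in scope between a wildcard certificate and individually listed names, as discussed in the message above, shown as an added example that is not part of the original message and is not GnuTLS's own matching code. It assumes a simplified rule (a `*` only as the whole leftmost label, covering exactly one label) and uses constructed names under example.com.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Match one certificate name against a hostname. A "*" is accepted only as
 * the entire leftmost label and covers exactly one label (simplified rule
 * assumed for this example; partial wildcards like "f*" are not handled). */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(pattern, host) == 0;      /* exact name */
    const char *dot = strchr(host, '.');
    if (dot == NULL || dot == host)                 /* need a non-empty first label */
        return 0;
    return strcasecmp(pattern + 1, dot) == 0;       /* compare ".example.com" */
}

/* Return 1 if any name carried by the certificate covers the host. */
static int cert_covers(const char *const names[], size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (name_matches(names[i], host))
            return 1;
    return 0;
}

/* Constructed name sets for the two deployment styles compared in the thread;
 * both could be issued for the same key. */
static const char *const wildcard_cert[] = { "*.example.com" };
static const char *const listed_cert[]   = { "www.example.com", "mail.example.com" };

int main(void)
{
    const char *hosts[] = { "www.example.com", "mail.example.com",
                            "never-deployed.example.com", "a.b.example.com" };
    for (size_t i = 0; i < sizeof hosts / sizeof hosts[0]; i++)
        printf("%-28s wildcard=%d listed=%d\n", hosts[i],
               cert_covers(wildcard_cert, 1, hosts[i]),
               cert_covers(listed_cert, 2, hosts[i]));
    return 0;
}
```

With the same key behind both certificates, only the wildcard one is accepted for a host name that was never deployed, which is the exposure the listed-names approach bounds.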


