[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Network security manager
From: |
Lars Magne Ingebrigtsen |
Subject: |
Re: Network security manager |
Date: |
Wed, 19 Nov 2014 12:19:46 +0100 |
User-agent: |
Gnus/5.130012 (Ma Gnus v0.12) Emacs/25.0.50 (gnu/linux) |
Ted Zlatanov <address@hidden> writes:
> I am not a cryptographer so I hope some of those step in and suggest
> what's best. To me from what I know and based on the cited references,
> it seems it could be a choice but pinning the public key is better for
> most people. They won't have to accept again every time the certificate
> is reissued.
Hm... might one not want to track the certificate, though? If it's
changed, then there might be shenanigans.
But if the attacker can generate traffic with the trusted public key,
the site would have larger problems than with the certificate, so
perhaps it doesn't add anything much security-wise...
> Also, we're hashing the SubjectPublicKeyInfo not the public key bit
> string. The SPKI includes the type of the public key and some parameters
> along with the public key itself.
Does gnutls have a function to fingerprint that info? Or access it in
raw form? I guess we could just sha1 it ourselves.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
- Re: Network security manager, (continued)
- Re: Network security manager, Ted Zlatanov, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Ted Zlatanov, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/18
- Re: Network security manager, Ted Zlatanov, 2014/11/18
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Ted Zlatanov, 2014/11/19
- Re: Network security manager,
Lars Magne Ingebrigtsen <=
- Re: Network security manager, Ted Zlatanov, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Ted Zlatanov, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/19
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/18
- Re: Network security manager, Lars Magne Ingebrigtsen, 2014/11/18
- Re: Network security manager, Toke Høiland-Jørgensen, 2014/11/18