Hi Alan,
Please refer back to my answer. We are talking MITM attacks here, not
regular operation. The attacker can spoof DNS, e.g. by colluding with a
local ISP.
Thanks,
Yaron
On 25/07/16 20:36, Alan Doherty wrote:
I have to ask how/why you would be sending the user to said CDN supplier (via
DNS) in the first place
for them to see said expired cert (plus warnings, if the client gives them).
I agree, user/owner sudden distrust of a previously trusted CDN is the worst
possible reason to demand CAs provide a method to have insanely short (and thus
more expensive to provide in terms of resources) certs available
(renewal takes X resources, CA has resources to handle Y normal renewals per 90
days) based on Let's Encrypt terms.
A 2-day cert is x*45 times the resources, thus, to handle the same amount of
customers, 45 times the server capacity and bandwidth to operate.
I would suggest, for the few requiring/demanding their chosen CDN have a "salt the earth and
delete all data when they leave" policy, that they instead pay the extra at the start to have
explicit personalised terms of service drawn up with their CDN supplier that they
will terminate/delete/purge all data within x hours of notification,
rather than making the CA (and CDN) work harder (not smarter) every day just so
they (the owner) can have less hassle the 1 day they quit.
Automation may make repetitive tasks easier, but it's still never good to repeat
tasks more often than necessary just because automation has made it possible/easy
(especially as a CDN will normally have a maxed-out SAN cert on each IP to
enable swapping/load balancing/reassigning domains to servers on the fly, and
thus 1 customer demanding a 2-day renewal basically causes all to be 2-day
renewal).
at 17:38 25/07/2016 Monday, Yaron Sheffer wrote:
I think we are slowly but surely getting into the weeds on this one. When we talk about
"CDN revocation" (for lack of a better term), we mean that after a certain
date, the owner of the content:
- Does not want the CDN, or a rogue employee of the CDN, to present the content
as an authoritative source. If the user sees a big browser warning, that would
*not* look authoritative.
- Does not want the CDN to be able to MITM the site for more sensitive traffic,
such as POST messages that contain user passwords.
Short-term certs would handle this use case just fine.
And as a content owner, it's really nice to be able to leave a CDN whenever I want
to, without having to rely on it to keep my secrets for a few more years while
we no longer have a business relationship.
Thanks,
Yaron
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme