Hi all,
I have a small question about the I-D. In particular, it seems to me
that this proposal circumvents any limitation on the effective lifetime
of a short-lived-cert's keypair. From a cryptographic standpoint of
view, it is good practice to impose strict lifetimes on keys (i.e.,
usually via validity periods in certificates) to limit the issue of
successful attacks on the crypto scheme (e.g., key factorization). This
proposal would de-facto remove this property by adopting re-issuing
instead of re-keying when renewing a certificate.
Although the CA might be able to track the usage of a key from the
initial CSRs, the automatic issuance of the certificate itself without
the constraints of the key longevity seems quite dangerous and possibly
open to a policy of "set-and-forget" that might last for... years...
(automatically not re-issuing the certificate based on key-size + CSR
timestamp would, I think, create issues for CDNs as there would be no
indication when a new LURK/CSR cycle is needed).
Am I reading it wrong / missing something ?
Cheers,
Max
--
Massimiliano Pala, PhD
Director at OpenCA Labs
twitter: @openca
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
