On Jan 15, 2020, at 11:07 PM, Benjamin Kaduk <ka...@mit.edu> wrote:
> Is there anything better for implementations to actually do (as distinct
> from what we write down as recommendations) than to start setting up a
> parallel (purpose-specific) PKI now and trusting that in parallel with what
> they're currently doing, with the hope of being able to have a flag day
> many years down the line when the new PKI becomes the only thing that's
> trusted?

I don't think so. It's common practice to use private CAs. Usually, self-signed ones.

One major driver for private CAs was initially that EAP supplicant implementations did not cache the server certificate. So if the supplicant trusted a root CA, it trusted *all* certificates issued by that root CA. Which was a major security issue.

Supplicants now cache the server certificate, even if they trust the root CA. This lets them warn the user if the server certificate changes. But this process also means that the user is warned on normal certificate expiration / replacement.

There is currently no guidance to implementations as to what should be done here.

Alan DeKok.

_______________________________________________
Emu mailing list
Emu@ietf.org
https://www.ietf.org/mailman/listinfo/emu
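
The two supplicant behaviours described in the message above, as an added illustration that is not part of the original post or any supplicant's code. The `Cert` model, the names and the sample certificates are constructed, and a plain issuer-name match stands in for real chain validation.

```python
import hashlib
from dataclasses import dataclass

ROOT = "Example Public Root CA"  # constructed trust anchor name

@dataclass(frozen=True)
class Cert:  # simplified stand-in for an X.509 server certificate
    subject: str
    issuer: str
    serial: int

    def fingerprint(self) -> str:
        # Assumption: hash of a few fields stands in for a hash of the DER encoding.
        data = f"{self.issuer}|{self.subject}|{self.serial}".encode()
        return hashlib.sha256(data).hexdigest()

def ca_only_check(cert: Cert, trusted_roots: set) -> str:
    """Older behaviour: anything issued under a trusted root is accepted."""
    return "accept" if cert.issuer in trusted_roots else "reject"

class CachingSupplicant:
    """Newer behaviour: trust the root, but also remember the server certificate."""
    def __init__(self, trusted_roots):
        self.trusted_roots = set(trusted_roots)
        self.cached_fp = None

    def check(self, cert: Cert) -> str:
        if cert.issuer not in self.trusted_roots:
            return "reject"
        fp = cert.fingerprint()
        if self.cached_fp is None:
            self.cached_fp = fp          # first connection: remember this server
            return "accept-first-use"
        # A changed certificate is flagged whatever the reason for the change.
        return "accept" if fp == self.cached_fp else "warn-changed"

# Constructed sample certificates, all issued under the same root.
ORIGINAL = Cert("radius.example.org", ROOT, 1)
RENEWED = Cert("radius.example.org", ROOT, 2)    # routine replacement
UNRELATED = Cert("other.example.net", ROOT, 77)  # different server, same CA

def run_demo() -> dict:
    s = CachingSupplicant({ROOT})
    return {
        "ca_only_unrelated": ca_only_check(UNRELATED, {ROOT}),
        "first": s.check(ORIGINAL),
        "repeat": s.check(ORIGINAL),
        "renewed": s.check(RENEWED),
        "unrelated": s.check(UNRELATED),
    }

if __name__ == "__main__":
    for step, verdict in run_demo().items():
        print(f"{step:18} {verdict}")
```

The routine replacement and the unrelated certificate both produce the same `warn-changed` verdict, which is the case the message says has no implementation guidance.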