Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]
From: Daniel Kahn Gillmor
Subject: Re: [Sks-devel] Unde(r)served HKPS [was: Underserved areas?]
Date: Wed, 17 Jan 2018 23:49:13 -0500

On Sun 2018-01-14 18:23:59 +0000, Heiko Richter wrote:
> hardcoding a root certificate into a program has
> *never* been any kind of accepted security system.

Pinning certificates (either end-entity or further up the chain) is
considered a good practice in a design where there is an expected
service that will be connected to, and that service has a known
certificate management lifecycle.

You see this regularly in mobile app development. For example:

https://stackoverflow.com/questions/15728636/how-to-pin-the-public-key-of-a-certificate-on-ios

GnuPG is not a mobile app, but it does ship with some built-in knowledge
about the keyserver pool, and it uses that knowledge *specifically* for
the sake of secure connections to the pool.

This is commonly-accepted best practice because it reduces the exposure
to all the rest of the CA cartel mishegas.

Many thanks to Kristian for managing the pool for so long!

--dkg
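
The trust decision argued for above, as an added example that is not part of the original message: with a single CA pinned, a certificate for the same hostname issued by any other CA is rejected. The CA names, the hostname pool.example and all keys are throwaways constructed for the demonstration, and the script assumes the openssl command-line tool (1.1.0 or later).

```shell
#!/bin/sh
# Added example. Every certificate and name here is a constructed throwaway.

make_ca() {      # $1 = file prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
        -subj "/CN=$2" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_leaf() {   # $1 = leaf prefix, $2 = issuing CA prefix, $3 = hostname
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
        -keyout "$1.key" -out "$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$1.csr" -CA "$2.pem" -CAkey "$2.key" \
        -CAcreateserial -days 1 -out "$1.pem" 2>/dev/null
}

# Succeeds only if the leaf chains to the one pinned CA file.
# -no-CApath: do not also consult the system CA directory.
verify_pinned() {   # $1 = pinned CA certificate, $2 = leaf certificate
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

pin_demo() {
    d=$(mktemp -d) || return 2
    if make_ca "$d/pool-ca" "Constructed Pool CA" &&
       make_ca "$d/other-ca" "Constructed Other CA" &&
       issue_leaf "$d/good" "$d/pool-ca" "pool.example" &&
       issue_leaf "$d/rogue" "$d/other-ca" "pool.example"
    then
        # Same hostname in both leaves; only the issuer differs.
        if verify_pinned "$d/pool-ca.pem" "$d/good.pem"
        then g=accepted; else g=rejected; fi
        if verify_pinned "$d/pool-ca.pem" "$d/rogue.pem"
        then r=accepted; else r=rejected; fi
        echo "good=$g rogue=$r"
    else
        echo "setup-failed"
    fi
    rm -rf "$d"
}

pin_demo
```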