Cert pinning

Achim Gratz Stromeko at nexgo.de
Sun Mar 31 10:07:00 UTC 2019 

Richard Laager via devel writes:
> I think public key (as opposed to certificate) pinning is the common
> approach these days. The application simply requires that one of the
> public keys in the chain match the pinned public key. The user can
> decide if they want to pin the server public key, the intermediate CA,
> or the root CA.

Normally pinning is provided from the DNS or from the transport protocol
to reduces the number of trust anchors that are possibly valid.

> That said, we need to think carefully about the intended interactions
> between pinning and validation (or lack thereof with noval).

Pinning does not relieve you of any validation, it only tells you which
validation paths are valid regardless of what trust anchors you have.

> I think that you in particular are using pinning to avoid adding the
> server operator's private root certificate that you don't trust.

That's not what pinning is for and properly implemented it will not work
for that.

> An alternative approach to meet this particular demand would be to allow
> specifying a root certificate per NTS association. Then you could
> specify the private root CA for this particular association, without
> needing to trust it system-wide, or even ntpd-wide. The advantage of
> this approach would be that you can remove "noval" and thus get the
> usual validation, including checking certificate NotBefore/NotAfter times.

Actually the correct way to implement this is to import the root CA and
constrain the scope of its certificates via PKIX stapling to just the
subset of purposes that you indeed trust it for.  Unfortunately that is
not yet implemented by default for most Linux systems, although gnutls
will use such constraints if its new enough (and compiled with the
requisite option).

So yes, injecting the trust anchor(s) to use for a specific set of
NTS-KE would be the easier option.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

SD adaptations for Waldorf Q V3.00R3 and Q+ V3.54R2:
http://Synth.Stromeko.net/Downloads.html#WaldorfSDada

More information about the devel mailing list