On Mon, Jan 11, 2021 at 02:47:40PM -0500,
 easrng <easrng at gmail.com> wrote
 a message of 12 lines which said:

> I think I would handle certs a few different ways. [...] If the
> certificate was valid and trusted by the CAs installed, I would also
> accept it, even if that means overwriting an earlier TOFU
> entry. Otherwise, I would handle them like SSH handles keys, by
> asking the user on the first connection if the certificate is
> trusted.

It seems a reasonable choice. (Except that "asking the user [...] if
the certificate is trusted" is just playing with words: unlike SSH,
the user has zero knowledge of the remote server and cannot assess the
certificate.) I like the way it deals with the coexistence of
X.509/TOFU.

> First, if it was tunneled over a protocol that is already encrypted
> (ex. Tor), I'd accept any certificate, because TLS would be
> redundant,

Depending on how the client and the server are run, they may not know
if they use Tor or not. Think socks and stuff like that.
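
The certificate policy discussed in this message (a CA-validated certificate is accepted and overwrites an earlier TOFU entry, anything else is handled like SSH host keys), sketched as an added example that is not part of the original message or of any client's code. The function names, the `ca_valid` flag (assumed to be the result of the client's normal chain and hostname validation), the refusal of a changed unvalidated certificate, and the sample host and bytes are all assumptions; the Tor shortcut is left out because, as the reply notes, the client may not know it is being proxied.

```python
import hashlib
import hmac
from enum import Enum


class Decision(Enum):
    ACCEPT_CA = "accept: validated against installed CAs"
    ACCEPT_PINNED = "accept: matches stored TOFU entry"
    ASK_FIRST_USE = "ask user: no TOFU entry yet"
    REJECT_CHANGED = "reject: differs from stored TOFU entry"


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as stored in the pin table."""
    return hashlib.sha256(der).hexdigest()


def evaluate(pins: dict, host: str, port: int, der: bytes, ca_valid: bool) -> Decision:
    """Decide what to do with the certificate presented by host:port."""
    key = f"{host}:{port}"
    fp = fingerprint(der)
    if ca_valid:
        # CA-trusted certificates win, even over an earlier TOFU entry.
        pins[key] = fp
        return Decision.ACCEPT_CA
    known = pins.get(key)
    if known is None:
        # First contact with an unvalidated certificate: nothing is stored
        # until the user confirms (see confirm_first_use).
        return Decision.ASK_FIRST_USE
    if hmac.compare_digest(known, fp):
        return Decision.ACCEPT_PINNED
    # Assumption: like SSH, a changed unvalidated certificate is refused.
    return Decision.REJECT_CHANGED


def confirm_first_use(pins: dict, host: str, port: int, der: bytes) -> None:
    """Record the pin after the user answered yes to the first-use prompt."""
    pins[f"{host}:{port}"] = fingerprint(der)


if __name__ == "__main__":
    pins = {}
    cert = b"constructed bytes standing in for a self-signed DER certificate"
    print(evaluate(pins, "example.org", 1965, cert, ca_valid=False).value)
    confirm_first_use(pins, "example.org", 1965, cert)
    print(evaluate(pins, "example.org", 1965, cert, ca_valid=False).value)
```
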