

About Public Key Pinning - tptacek
https://noncombatant.org/2015/05/01/about-http-public-key-pinning/

======
mike-cardwell
Most important sentence in this article:

"Unless you are very confident that you understand the Web PKI, and unless you
are very confident that you can manage your site’s cryptographic identity very
well, you should not use key pinning"

------
janvidar
I think the whole Web PKI needs a do-over, and it can't happen soon enough.

I work in software security and design security solutions for and with
competent customers. In the past couple of years (post Snowden), every design
for every one of these customers has been with the assumption that the CA
model is broken and can't be trusted - this is a big step.

Personally I find the Wildcard SSL certificate a particularly ugly hack for
the broken state of the web PKI.

Ideally, I should be able to get my own site certificate and use that to sign
the server certificates for all my services in my domain. The beauty of this
is that my site's private key does not need to be on any of my exposed
servers, and I can revoke and re-issue certs for servers individually. This
does of course not work, since the certificates aren't limited to domains as
such, which, as is correctly pointed out, is a glaring flaw of the entire system.

I'm not going to rant about ASN.1 - let's do that another time.

~~~
0xdeadbeefbabe
Broken as in broken glass or is this a subjective use of the word broken?

~~~
janvidar
Broken, not shattered.

The definition of broken that matches what I was intending to say would be:

From The Jargon File (version 4.4.7, 29 Dec 2003) [jargon]:

    broken adj.
      1. Not working according to design (of programs). This is the
      mainstream sense.

------
upofadown
The user should ultimately be in control of how pinned a particular key is.
My bank should be able to mail me a USB drive with their certificate on it and
I should be able to make the use of that certificate mandatory for any host
from their domain.

