Ken Hornstein <kenh(_at_)pobox(_dot_)com> writes:
I've been poking around and I see that there is something that MIGHT
be worthwhile to look at: something called "trust on first use" (TOFU)
which basically replicates the SSH key model; upon first connection you
decide to trust the certificate you get, and you save that for later.
+1
How this works when certificates expire is a little unclear to me;
maybe you save the whole certificate chain and you decide to trust new
certs that go back to the original root.
Look into what ssh does about it --- I don't recall having seen
expired-cert complaints from ssh, so I'm guessing they must deal with
this somehow.
If this was enabled by default
we'd get a lot better security out of the box.
Certainly better than no security. For people who do want to deal
with their own certs, that could be the limiting case of the cert
already being present in the right place before first use.
regards, tom lane
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers