[Ach] bettercrypto.org cert blocked in chrome 56

[Terje Elde]

> On 30 Nov 2016, at 22:51, Gunnar Haslinger <gh.bettercrypto at hitco.at> wrote:
> 
>> when pinning your certificates you can include one whose
>> coresponding key is not on the machine but acts as the backup key, maybe
>> even offline.
>> 
> 
> Not "can", its not an option it is mandatory!
> 
> The browsers will NOT accept HPKP pinning if you don't add an currently unused backup key.

Just a quick reminder:

It can be a backup key that you have, but it can also be that of another CA.  Or completely random.  Bad idea, but the browsers would accept it.


On another note;

In general, when comparing and contrasting the CA-system, DANE/DNSSEC and HPKP, let’s also keep the following in mind;

HPKP allows me to lock users into my keys.  It gives me control over which keys the users will trust for my domains, and the services I’m trying to securely provide them with.

Neither the CA-system nor DANE/DNSSEC really does that, not in a generic and “always" accessible way.

In a world with national security letters and increased hostility towards both privacy and free speech, I think that’s a worthwhile goal to pursue, despite the risks.
Especially knowing that the risks are there, regardless of if I enable HPKP or not.

When considering the risks (domain-highjacking followed by hostile pins, vs. rouge CAs or similar), it’s also worth keeping the scale of the two risk-profiles.  Yes, there’s always a chance that *I* could be compromised and someone pin the domains, that would suck for my users, but most people wouldn’t notice.  A rougue CA on the other hand, could lead to massive large-scale compromises.

While HKPK isn’t perfect, it allows for shifting the risk and control in constructive directions.  IMHO, that’s something that’s at least worth pursuing as part of a solution.

Terje