[Ach] Let's Encrypt + TLSA, DANE, HPKP, ... - was: bettercrypto.org certificate has expired today
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Mar 14 03:21:59 CET 2017
On Wed 2017-03-08 11:06:05 -0500, Hanno Böck wrote:
> Changing keys regularly is imho a good thing, it gives you some kind of
> weak forward secrecy property. IMHO more valuable and less error prone
> than HPKP.
This isn't forward secrecy at all. With modern TLS, the only mode is
forward secret. What you're describing is active endpoint
> Imagine someone gets access to an old backup or harddisk of yours. If
> you regularly switch keys he won't get an active private key from you.
> If you reuse private keys he will.
This is a pretty narrow threat model, but i agree with you that it's
something that some people my find it worthwhile to consider.
however, a better approach would be a scheduled transition from one key
to the next, with an offline next-key introduced via hpkp before it is
deployed. improving ACME clients to handle this kind of workflow in a
sane way by default would be very helpful.
More information about the Ach