Comment by ColonelThirtyTwo
Re: "TLS Questions: CAs and Tofu"
@mbays: is there a mechanism for that? From what I can tell, x509 certs can only have one signature, which for a self signed cert must be with the public key that is provided.
Feb 24 · 2 months ago
4 Later Comments
mbays · Feb 24 at 21:14:
@ColonelThirtyTwo Right, this would be instead of it being self-signed.
I observe the type of trust for capsules by changing the security icon when using TOFU, PKI or DANE. I can say that Let's Encrypt is used and is not uncommon. Use Trust Anchors for your trust db (a combination of Subject, Public Key and Name Constraints).
zzo38 · Feb 24 at 22:15:
There are a few things that can be done. One is to ensure that you can view the certificate (and the hash of the certificate), in case you want to verify it independently. Another (a bit more complicated, but possible) is to use an extension that indicates that one certificate supersedes another; both the old and new certificate need to have this extension and the same root certificate in order for this to work, though; if the root certificate also changes then it must be verified independently like I had previously mentioned.
DANE is also good to have, although it will not be secure unless the DNS is secure.
You can still have multiple methods and configuration options if you want to, or omit some for a simpler implementation if you do not need all of them.
I think it is reasonable to make the security icon indicate which kind of certificate validation is being used; in addition to TOFU, PKI, and DANE, there might also be one that specifies matching an exact certificate specified by the user for that domain.
Using TOFU only for self-signed certificates will not work if they have a self-signed root certificate which is used to issue another one to themself (there are some reasons to do this). If the icon is used to indicate the security type, then you could use TOFU if none of the certificates in the chain is known and PKI and DANE are not available (or are disabled by the user), and the icon indicates this. Due to the possibility of reassignment of domain names, you might want to use TOFU even if DANE is available (which might be configurable by the end user; DANE will then be used together with TOFU).
@zzo38: I have a pop-up on the icon with various security details. And the algorithm is like here:
bbs.geminispace.org/s/Gemini/26311
I think re-signing with TOFU _is_ handled since it uses the root signing key in the Trust Anchor hash.
There are many rough edges on the UI side though, like overriding trust is manual and for some cases impossible :/
Original Post
TLS Questions: CAs and Tofu - I'm working on a Gemini client (cuz we clearly don't have enough) and have a few questions regarding TLS: First, how common are CA signed certificates in the Gemini verse? My understanding is that most servers use self signed certificates nowadays. Second, for TOFU, is there any problem of accepting a certificate different from the one that was first seen, but provides the same public key (and therefore was signed by the same private key)? I want to say no, and...
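
The original post asks what happens when a server presents a different certificate that carries the same public key. The Go program below is an added example, not code from any poster or client in this thread: it compares a TOFU store that pins the whole certificate with one that pins only the SubjectPublicKeyInfo. The host name `capsule.example`, the helper names `newCert` and `check`, and the certificates themselves are constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newCert issues a constructed self-signed certificate; a nil key means "generate a fresh one".
func newCert(k ed25519.PrivateKey, host string, serial int64) (*x509.Certificate, ed25519.PrivateKey) {
	if k == nil {
		_, k, _ = ed25519.GenerateKey(rand.Reader)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: host},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, k.Public(), k)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der)
	return c, k
}

// check applies TOFU for host; pinned is c.Raw (whole cert) or c.RawSubjectPublicKeyInfo (key only).
func check(pins map[string]string, host string, pinned []byte) string {
	got := fmt.Sprintf("%x", sha256.Sum256(pinned))
	if old, seen := pins[host]; !seen {
		pins[host] = got
		return "first-use"
	} else if old != got {
		return "mismatch"
	}
	return "match"
}

func main() {
	first, key := newCert(nil, "capsule.example", 1)
	renewed, _ := newCert(key, "capsule.example", 2) // same key, new certificate
	rekeyed, _ := newCert(nil, "capsule.example", 3) // new key
	certPins, keyPins := map[string]string{}, map[string]string{}
	for _, c := range []*x509.Certificate{first, renewed, rekeyed} {
		fmt.Println(check(certPins, "capsule.example", c.Raw), check(keyPins, "capsule.example", c.RawSubjectPublicKeyInfo))
	}
}
```

With the key-only pin, the renewed certificate matches and the rekeyed one does not; with the whole-certificate pin, both are reported as mismatches.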