1. Accidentally publish TLS key on website. 2. Revoke certificate. 3. Get new certificate =WITH SAME KEY=. https://groups.google.com/forum/m/#!topic/mozilla.dev.security.policy/71AXGTgcX9c …
Alternative: Every key for every certificate blacklisted for further use.
-
No, thanks. That makes pinning impossible with short-lived certificates.
-
I like it even more now! Pinning a key without a timely revocation mechanism is broken, and promotes post-compromise key re-use.