Comments (3)
How does this change influence revocations, pinning expiry date, etc?
from ocaml-x509.
Revocations are still not checked... the server which revokes its certificate had better generate a new private key...
pinning expiry date
-- I don't understand what you mean by that? If you use pinning, and the certificate gets renewed (still using the same certificate signing request / public key), the pin will be valid later as well (which changes the behaviour considering the old certificate pinning implementation).
from ocaml-x509.
Yes, but you would be revoking the certificate, not the key.
So the attacker can just make a new certificate containing the same key, and keep using that?
This also has problems with existing software which hashes certs the "old school" way.
That functionality should at least be retained.
Yes, re: expiry date.
Is that desirable?
Then I, as a server operator, would have no way to put a time limit on a key intended for fingerprinting (since an attacker can just keep making new certificates containing the old key).
from ocaml-x509.
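The behaviour debated in the comments above, as an added example that is not part of the thread or of ocaml-x509: it compares a hash over the whole certificate with a hash over the public key only, first for a certificate renewed with the same key and then for one issued with a fresh key. It assumes the `openssl` command-line tool; the file names, the `pin-demo.example` subject and the validity periods are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: constructed throwaway keys and certificates (assumed names).
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# SHA-256 over the whole DER certificate: the "old school" certificate pin.
cert_fp() {
    openssl x509 -in "$1" -outform DER | openssl dgst -sha256 | awk '{print $NF}'
}

# SHA-256 over the DER SubjectPublicKeyInfo only: the public key pin.
key_fp() {
    openssl x509 -in "$1" -noout -pubkey | openssl pkey -pubin -outform DER |
        openssl dgst -sha256 | awk '{print $NF}'
}

# Generate a fresh P-256 private key at path $1.
new_key() {
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 -out "$1" 2>/dev/null
}

# Self-signed certificate for key $1, written to $2, valid for $3 days.
issue() {
    openssl req -new -x509 -key "$1" -out "$2" -days "$3" \
        -subj "/CN=pin-demo.example" 2>/dev/null
}

# Compare pinned certificate $1 with presented certificate $2 under both schemes.
check_pins() {
    c=differs; k=differs
    if [ "$(cert_fp "$1")" = "$(cert_fp "$2")" ]; then c=matches; fi
    if [ "$(key_fp "$1")" = "$(key_fp "$2")" ]; then k=matches; fi
    echo "cert-pin:$c key-pin:$k"
}

new_key "$work/key.pem"
issue "$work/key.pem" "$work/old.pem" 30
issue "$work/key.pem" "$work/renewed.pem" 365      # renewal, same key
new_key "$work/key2.pem"
issue "$work/key2.pem" "$work/rekeyed.pem" 365     # replacement with a fresh key

echo "renewed, same key: $(check_pins "$work/old.pem" "$work/renewed.pem")"
echo "re-keyed:          $(check_pins "$work/old.pem" "$work/rekeyed.pem")"
```

The validity period is part of the hashed bytes only in the certificate pin, so a key pin carries no time limit of its own; a client that needs one has to store and enforce an expiry next to the pin.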
Related Issues (20)
- parsing pem from string HOT 2
- Incompatible with sexplib/ppx_sexp_conv v0.11.0 HOT 6
- API woes HOT 1
- Remove conflict with ppx_sexp_conv >= v0.11.1 HOT 3
- Invalid_argument "X509: failed to parse certificate" when using X509.Encoding.Pem.Certificate.of_pem_cstruct1 HOT 3
- Expose X509.Certificate.compare HOT 2
- Issues with the DN representation HOT 22
- Certificate verification allows dangerous algorithms HOT 8
- Why is Validation.trust_cert_fingerprint deprecated? HOT 3
- improve API (make it harder to use wrong) HOT 2
- feature: ed25519 support HOT 7
- feature: ed448 support HOT 1
- mirage-crypto 0.8.9 breaks regression test HOT 7
- feature: enhance Private_key module HOT 1
- [Public_key.verify]'s ECDSA evaluation mishandles long digests HOT 11
- Serial number at 0 can not be decoded with #167 HOT 3
- Retrieving valid_from/valid_until from a certificate HOT 1
- missing `astring' in META HOT 2
- How to access some parts of a certificate HOT 1
- Cannot install due to dependency problem HOT 2