phasmantistes | 1 year ago

It's specifically to discourage intermediate key pinning. If folks want to pin their own end-entity public key (and always re-use the same key when renewing their cert), go for it -- dealing with compromise of their own key is their own problem to solve. Or if they want to pin a root public key to ensure some other CA doesn't issue a MITM certificate, go for it (although that doesn't prevent a bad actor from getting the same CA to issue a MITM certificate; there are other mechanisms to prevent that).

Just please don't pin intermediate CA keys, which should be opaque to the end-user and need to be able to change quickly without breaking a bunch of apps.

agwa | 1 year ago

> Or if they want to pin a root public key to ensure some other CA doesn't issue a MITM certificate, go for it

Please don't pin roots, as that makes it harder to distrust CAs, reducing the agility of the WebPKI. See the Symantec distrust for a painful example.

Chrome and Firefox will be introducing term limits on roots in the near future, which will hopefully help to discourage this harmful practice.

gray_-_wolf | 1 year ago

> Please don't pin roots

So what would be the recommended way to protect against government MitM by using some obscure CA?