1 |
Mick <michaelkintzios@×××××.com> writes: |
2 |
|
3 |
> On Sunday 06 Sep 2015 03:45:26 lee wrote: |
4 |
>> Mick <michaelkintzios@×××××.com> writes: |
5 |
>> > On Saturday 05 Sep 2015 14:06:27 lee wrote: |
6 |
> |
7 |
>> >> What's the solution for a server which can be reached by different fqdns |
8 |
>> >> and IPs? What if the fqdns and IPs it can be reached by change over the |
9 |
>> >> lifetime of the certificates? |
10 |
>> > |
11 |
>> > If we are talking about changing subdomains, e.g. |
12 |
>> > mailserver1.mydomain.com and mailserver2.mydomain.com then you could use |
13 |
>> > a wildcard CN field descriptor in your certificate: *.mydomain.com |
14 |
>> |
15 |
>> just different fqdns and IPs with which the server can be reached during |
16 |
>> the lifetime of the certificate (which is only 10 years) |
17 |
>> |
18 |
>> Can you foresee all possible fqdns and IPs it might have in the next 10 |
19 |
>> years? |
20 |
> |
21 |
> OK, 10 years is rather long for a common certificate. In this case you should |
22 |
> consider setting up your own CA key and CA certificate, with which you sign |
23 |
> the server certificates. Server certificates can expire and/or be revoked, |
24 |
> you can update and publish a CRL, but the CA certificate will remain valid for |
25 |
> 10 years. |
26 |
|
27 |
I made it 10 years because you have to set a duration, and I didn't want |
28 |
to be bothered with certificates expiring. But I understand that I've |
29 |
been doing it kinda wrong because it would have been better to make a CA |
30 |
certificate which could be valid for a long time and sign certificates |
31 |
with it which don't last that long. |
32 |
|
33 |
Can I somehow deploy some sort of centralized infrastructure for clients |
34 |
to automatically get the CA certificates from? Otherwise, I would need |
35 |
to import the CA certificate for every user manually. |
36 |
|
37 |
> [...] |
38 |
> |
39 |
>> I think it would be retarded to bind a certificate to a fqdn or IP. Both |
40 |
>> can change at any time. It's the certificate that counts and which can |
41 |
> [...] |
42 |
> |
43 |
> Sure, but (although you could) gpg is not usually used to secure the |
44 |
> connection to a server. A server's identity is interlinked with its domain |
45 |
> name, or IP address. The identity for gpg is linked to the email address of |
46 |
> its owner. You wouldn't sign/encrypt your work's email with the gpg key for |
47 |
> your private email address. |
48 |
|
49 |
With gpg, the linkage to an email address was introduced a long time ago |
50 |
to make it easy to determine from an email address which key to use. |
51 |
Back then, people usually did have no more than one email address, |
52 |
perhaps another one at their work place, and most people didn't have any |
53 |
email addresses at all. |
54 |
|
55 |
That has changed. However, even back then, the email address wasn't |
56 |
used to identify a person. You could only know that, with a great deal |
57 |
of likelyness, an email --- sent from whatever email address --- was |
58 |
sent by a particular person when it was signed or encrypted with the key |
59 |
you definitely knew was that particular person's key. |
60 |
|
61 |
That has *not* changed. The same principle applies to certificates. |
62 |
|
63 |
So what sense does it make for a certificate to be linked to an FQDN or |
64 |
IP? None of those necessarily identify a particular server. If they |
65 |
did, the only purpose of certificates would be to assist encryption, and |
66 |
they wouldn't have anything to do with identification. --- You're using |
67 |
gmail (which I won't because of privacy concerns): Can you be sure that |
68 |
you connect to the same server every time you receive or send your |
69 |
emails? You probably don't. |
70 |
|
71 |
The underlying idea is trust. If you trust a CA --- and I don't see any |
72 |
particular reason to trust any of the CAs seamonkey knows by default and |
73 |
most, if not all of which, I've never even heard about --- a certificate |
74 |
signed by it is accepted without asking you. |
75 |
|
76 |
Is that good or bad? Back then, when I used gpg, I had my key signed by |
77 |
people I met personally and signed theirs. We would know by the fact |
78 |
that the key was used, not by any particular email address. |
79 |
|
80 |
So the identity for gpg is *not* linked to the email address of its |
81 |
owner. Nobody prevents you from encrypting or signing an email with your |
82 |
key and sending it from an arbitrary email address. Recipients may only |
83 |
conclude that it was you who sent the email by verifying that your key |
84 |
was used, and first they have to trust that this key is actually yours. |
85 |
You may need to explicitly specify the key-ID or an email address to |
86 |
tell gpg which key to use when you do that. |
87 |
|
88 |
Same goes for certificates, and there's no point in linking them to |
89 |
FQDNs/IPs. If they are linked for the practical reason to figure out |
90 |
which certificate to use, like gpg can use an email address to figure |
91 |
out which key to use, then I'd say that a better way needs to be found |
92 |
to do that. Similar to a key-ID specific to a key, certificates could |
93 |
have a certificate-ID --- perhaps they already do. |
94 |
|
95 |
>> > If we are talking about a multidomain certificate, then you would have |
96 |
>> > the main domain name in CN and add all the remaining domain names in the |
97 |
>> > subjectAltName field. |
98 |
>> > |
99 |
>> > For example: |
100 |
>> > |
101 |
>> > [req] |
102 |
>> > req_extensions = v3_req |
103 |
>> > |
104 |
>> > [ v3_req ] |
105 |
>> > |
106 |
>> > # Extensions to add to a certificate request |
107 |
>> > [snip...] |
108 |
>> > |
109 |
>> > subjectAltName = @alt_names |
110 |
>> > |
111 |
>> > [alt_names] |
112 |
>> > DNS.1 = mydomain.com |
113 |
>> > DNS.2 = mydomain.net |
114 |
>> > DNS.3 = www.mydomain.com |
115 |
>> > DNS.4 = mx.sub.mydomain.com |
116 |
>> > DNS.5 = mx.someotherdomain.com |
117 |
>> > IP.1 = 123.456.78.9 |
118 |
>> > IP.2 = 987.654.32.1 |
119 |
>> > |
120 |
>> > You could specify the same on the CLI when you are generating the self |
121 |
>> > signed certificate. |
122 |
>> |
123 |
>> At least that's possible. How would I add that without changing the |
124 |
>> existing certificate? I don't want to irritate the users, don't want to |
125 |
>> have the phone calls about it and don't want trouble with the odd client |
126 |
>> which happens to have been updated and refuses to accept the certificate |
127 |
>> ... |
128 |
>> |
129 |
>> See what I mean? It's impractical. |
130 |
> |
131 |
> Yes. It could be impractical at this stage, because the architecture of your |
132 |
> PKI has to change. |
133 |
> |
134 |
> However, you can treat your existent self-signed certificate as a CA and use |
135 |
> it to sign other certificates which contain different IP addresses, fqdns, |
136 |
> etc. depending on the server(s) in question. |
137 |
> |
138 |
> If your clients have accepted your self-signed certificate as a CA, then it |
139 |
> should not cause a problem. |
140 |
|
141 |
When I look at one of the CA certificates seamonkey shows me, I don't |
142 |
see any specific FQDN or IP involved. Am I to understand that a CA |
143 |
certificate is like what I kinda wanted in the first place, i. e. something |
144 |
like a certificate which identifies an organization (rather than a |
145 |
device operated by the organization)? And that the CA certificate can |
146 |
be used (by the organization) to, well, certify that a particular device |
147 |
it operates is operated by the organisation by creating a certificate |
148 |
for the device and signing it with the CA certificate? |
149 |
|
150 |
If that is so, then why should I need or use one certificate for each |
151 |
device --- or for each service? I'm certifying myself that this is the |
152 |
particular organisation and that everything is fine, one way or |
153 |
another. So far, the true and only purpose of these certificates is to |
154 |
assist encryption. Unless I am able to give users, in a secure way, |
155 |
some means of verifying that a certificate they accept is actually from |
156 |
the organization, the certificates cannot be used for identification |
157 |
anyway. |
158 |
|
159 |
|
160 |
-- |
161 |
Again we must be afraid of speaking of daemons for fear that daemons |
162 |
might swallow us. Finally, this fear has become reasonable. |