Posts by robalex@indieweb.social
Post #AWoUGCL98qfMeqiEnA by robalex@indieweb.social
2023-06-18T10:44:23Z
0 likes, 0 repeats
@stanford @danny There are a couple of variants of this that are worth thinking through. If a root CA is compromised, it needs to be revoked ASAP by every browser. Then everyone affected scrambles to get new certs. See the DigiNotar example: https://blog.mozilla.org/security/2011/08/29/fraudulent-google-com-certificate/ . More common is that a CA behaves poorly and is distrusted ahead of an actual compromise. This is a slow, planned distrust that can happen over a year. See the Symantec example: https://blog.mozilla.org/security/2018/03/12/distrust-symantec-tls-certificates/
Post #AWoVK8DMWRSQyWVkDQ by robalex@indieweb.social
2023-06-18T10:50:03Z
0 likes, 0 repeats
@stanford @danny Any website automating with the ACME protocol just needs to be pointed at a different provider. Software like #caddy does this automatically when a CA is offline, for example, so Let's Encrypt isn't a single point of failure. Other software could change the default provider with an update, or may require manual user action.
Post #AWoXHLA08L3CAJjfou by robalex@indieweb.social
2023-06-18T11:18:12Z
0 likes, 0 repeats
@stanford @danny You're correct, it would be a mess. The existence of protocol-compatible CAs helps speed up recovery, as you should only need a config change, but it's still a manual change in most cases and an immediate revoke will cause many outages. Overloading the remaining CAs is an interesting issue. I think in the short term we could address that by configuring clients to rotate between the free CAs, balancing the load between each of them.
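The two ideas in the posts above, an ACME client that falls over to another CA when one is offline and a fleet that spreads its renewals across several free CAs, as an added example that is not part of the thread and is not Caddy's code. It assumes a list of ACME directory URLs (placeholders here, not real CAs) and an injected fetch function so it runs offline; the directory responses are constructed.

```python
import hashlib
import json
from typing import Callable, Dict, List, Optional

# Resources an RFC 8555 directory object must advertise before a client can
# even start an order; a CA that returns HTML or a stub is treated as down.
REQUIRED = ("newNonce", "newAccount", "newOrder")


def directory_is_usable(body: str) -> bool:
    """True when body parses as an ACME directory with the required HTTPS endpoints."""
    try:
        d = json.loads(body)
    except ValueError:
        return False
    return isinstance(d, dict) and all(
        isinstance(d.get(k), str) and d[k].startswith("https://") for k in REQUIRED
    )


def choose_directory(directories: List[str], fetch: Callable[[str], str], spread_key: str) -> str:
    """Return the first reachable, well-formed ACME directory.

    The search starts at an index derived from spread_key (e.g. the hostname), so a
    fleet of clients with the same config list is spread across all CAs instead of
    every client hammering the first entry. Unreachable or malformed CAs are skipped.
    """
    n = len(directories)
    start = int(hashlib.sha256(spread_key.encode()).hexdigest(), 16) % n
    for i in range(n):
        url = directories[(start + i) % n]
        try:
            body = fetch(url)
        except OSError:
            continue  # CA offline: fall through to the next provider
        if directory_is_usable(body):
            return url
    raise RuntimeError("no ACME CA reachable")


# Constructed placeholder CAs and responses (None = connection refused).
CANDIDATES = ["https://ca-a.example/directory", "https://ca-b.example/directory", "https://ca-c.example/directory"]
GOOD = json.dumps({k: f"https://ca-a.example/{k}" for k in REQUIRED} | {"meta": {}})
RESPONSES: Dict[str, Optional[str]] = {CANDIDATES[0]: GOOD, CANDIDATES[1]: None, CANDIDATES[2]: "<html>503</html>"}


def fake_fetch(url: str) -> str:
    body = RESPONSES[url]
    if body is None:
        raise OSError("connection refused")
    return body


def all_up_fetch(url: str) -> str:
    return GOOD  # every CA answers: only the spread decides who gets the load
```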