Re: Adding Passim as a Fedora 40 feature?

On Monday, 28 August 2023 22:07:50 BST Richard Hughes wrote:
> On Mon, 28 Aug 2023 at 21:50, Simo Sorce <simo@xxxxxxxxxx> wrote:
> 
> > It could be improved by using TOFU, so that the window of impersonation
> > is small, but requires clients to cache an association and then has
> > weird failure modes to be dealt with if one of the actors gets re-imaged
> > or changes the cert for any reason.
> 
> 
> I was thinking of implementing TOFU; good idea or bad idea?
> 
> Richard.

What identity do you attach the "first use" to, and how do you discover that 
the identity is expected to have a certificate change?

In the SSH use case, the identity is the host name, and if the host name is 
expected to rekey, then the user is told that there's an issue and has to 
manually intervene.

With this use case, I can't see how I tell you that there's been an expected 
rekeying event - nor am I clear on how I'd work out that a change of key is 
expected so that I can tell you to permit a rekey.
-- 
Simon Farnsworth
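
The SSH-style TOFU behaviour discussed in this message, as an added example that is not part of the original thread and is not Passim code. The class, the identity string `peer-1.local` and the certificate bytes are constructed for illustration; the point is that a pin store sees a legitimate rekey and an impersonation as the same mismatch, and only an out-of-band decision can replace the pin.

```python
import hashlib
import hmac
from enum import Enum


class Verdict(Enum):
    FIRST_USE = "first-use"  # no pin yet: key is trusted and remembered
    MATCH = "match"          # presented key equals the pinned key
    MISMATCH = "mismatch"    # key differs: rekey or impersonation, store cannot tell


class TofuStore:
    """Hypothetical pin store: one certificate fingerprint per identity string."""

    def __init__(self):
        self._pins = {}  # identity -> SHA-256 hex fingerprint

    @staticmethod
    def fingerprint(cert_der: bytes) -> str:
        return hashlib.sha256(cert_der).hexdigest()

    def check(self, identity: str, cert_der: bytes) -> Verdict:
        fp = self.fingerprint(cert_der)
        pinned = self._pins.get(identity)
        if pinned is None:
            self._pins[identity] = fp  # the "first use": nothing to compare against
            return Verdict.FIRST_USE
        if hmac.compare_digest(pinned, fp):
            return Verdict.MATCH
        return Verdict.MISMATCH  # pin is deliberately NOT updated here

    def accept_rekey(self, identity: str, cert_der: bytes) -> None:
        """Manual step: call only after the change was confirmed out of band."""
        self._pins[identity] = self.fingerprint(cert_der)


def demo():
    store = TofuStore()
    old_cert = b"constructed-cert-A"  # constructed sample bytes, not real DER
    new_cert = b"constructed-cert-B"  # same peer after a re-image, or an impostor
    results = [
        store.check("peer-1.local", old_cert),  # first contact
        store.check("peer-1.local", old_cert),  # later contact, same key
        store.check("peer-1.local", new_cert),  # key changed
    ]
    store.accept_rekey("peer-1.local", new_cert)  # operator confirms the rekey
    results.append(store.check("peer-1.local", new_cert))
    results.append(store.check("peer-1.local", old_cert))  # old key now rejected
    return results
```
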

_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx