[Tor2web-talk] Fwd: Public-key pinning in Chrome.
Virgil Griffith
i at virgil.gr
Tue Jan 6 21:58:41 CET 2015

I don't have possession of the current certificates but I presume the
possessor is on the list.

-V

---------- Forwarded message ----------
From: Adam Langley <agl at google.com>
Date: Tue, Jan 6, 2015 at 11:29 AM
Subject: Public-key pinning in Chrome.
To: info at tor2web.org

tor2web has its TLS public keys pinned in Chrome to either
"AlphaSSL_G2" or "Tor2web". Since you have a SHA-1 certificate, you'll
probably need to replace it this year.

When you do, it will not be issued from the "AlphaSSL - G2"
certificate because that's signed with SHA-1. Unless you reuse the
same 5-year-old key, you'll break your pinset.

I think you should request now that a different CA certificate be
trusted and should generate and submit your new leaf public key.

(Note: Pinning changes take *at least* three months to take effect.)

Cheers

AGL
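
The renewal cases described in the forwarded message, as an added example that is not part of the original e-mail and is not Chrome's code: it checks certificate chains against a pinset and lists the pins a planned chain would still need. Assumptions: a pin is modelled as the SHA-256 hash of a certificate's SubjectPublicKeyInfo, the "Tor2web" pin is taken to be the leaf key, and every key below is a constructed placeholder byte string with hypothetical names.

```python
import base64
import hashlib

def spki_pin(spki_der: bytes) -> str:
    """Pin string for a DER-encoded SubjectPublicKeyInfo (SHA-256 assumed)."""
    return "sha256/" + base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def chain_satisfies_pinset(chain_spkis, pinset) -> bool:
    """A chain passes if at least one certificate in it carries a pinned key."""
    return any(spki_pin(spki) in pinset for spki in chain_spkis)

def pins_to_submit(planned_chain, pinset):
    """Pins of the planned chain that are not yet in the pinset."""
    return [spki_pin(spki) for spki in planned_chain if spki_pin(spki) not in pinset]

# Constructed placeholders standing in for real SPKI structures (not real keys).
OLD_LEAF = b"constructed-spki:tor2web-leaf-old"
NEW_LEAF = b"constructed-spki:tor2web-leaf-new"
ALPHASSL_G2 = b"constructed-spki:alphassl-g2-intermediate"
NEW_INTERMEDIATE = b"constructed-spki:replacement-intermediate"
ROOT = b"constructed-spki:root"

# The pinset as the message describes it: the issuing CA or the site's own key.
CURRENT_PINSET = {spki_pin(ALPHASSL_G2), spki_pin(OLD_LEAF)}

def evaluate_renewals():
    """Return pass/fail for each renewal option discussed in the message."""
    updated = CURRENT_PINSET | {spki_pin(NEW_LEAF)}
    scenarios = {
        "current chain": ([OLD_LEAF, ALPHASSL_G2, ROOT], CURRENT_PINSET),
        "new key, new intermediate": ([NEW_LEAF, NEW_INTERMEDIATE, ROOT], CURRENT_PINSET),
        "reused key, new intermediate": ([OLD_LEAF, NEW_INTERMEDIATE, ROOT], CURRENT_PINSET),
        "new key, pinset updated first": ([NEW_LEAF, NEW_INTERMEDIATE, ROOT], updated),
    }
    return {name: chain_satisfies_pinset(chain, pins)
            for name, (chain, pins) in scenarios.items()}

if __name__ == "__main__":
    for name, ok in evaluate_renewals().items():
        print(f"{name:32} {'accepted' if ok else 'PIN FAILURE'}")
    planned = [NEW_LEAF, NEW_INTERMEDIATE, ROOT]
    print("not yet pinned:", pins_to_submit(planned, CURRENT_PINSET))
```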