Sunday, 26 May 2013

Why do we allow SSL certificates to be replaced before their expiry date, without revocation of others?

Imagine a situation where a rogue CA creates a certificate for your site. Since the user's browser trusts the CA, it will accept the certificate without any fuss. However, the site's real certificate doesn't expire for another year, and there's no CRL entry for it.
Why do we allow the browser to accept such a situation? Surely it would make more sense to enforce that the first certificate, and only that certificate, is accepted until it expires or it is explicitly revoked.
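
The policy proposed above, written out as an added example (not code from the original post): a hypothetical `FirstSeenPolicy` store run on constructed certificate bytes and dates, with a set of revoked fingerprints standing in for a CRL. It shows that the rule rejects a second certificate whether it comes from a rogue CA or is a legitimate early replacement, until the first one is revoked or expires.

```python
import hashlib
from datetime import datetime, timezone


class FirstSeenPolicy:
    """Hypothetical client-side store: the first certificate seen for a host
    is the only one accepted until it expires or is explicitly revoked."""

    def __init__(self):
        self.pins = {}        # host -> (fingerprint, not_after) of first cert seen
        self.revoked = set()  # fingerprints known revoked (stand-in for a CRL)

    def check(self, host, cert_bytes, not_after, now):
        """Return (accepted, reason) for a certificate that already chains to
        a trusted CA; chain validation itself is out of scope here."""
        fp = hashlib.sha256(cert_bytes).hexdigest()
        if fp in self.revoked:
            return False, "presented certificate is revoked"
        if now > not_after:
            return False, "presented certificate has expired"
        pinned = self.pins.get(host)
        if pinned is None or pinned[0] == fp:
            self.pins[host] = (fp, not_after)
            return True, "first-seen certificate for this host"
        old_fp, old_not_after = pinned
        if now > old_not_after or old_fp in self.revoked:
            self.pins[host] = (fp, not_after)  # old pin released, re-pin
            return True, "previous certificate expired or revoked"
        return False, "different certificate while first one is still valid"


def demo():
    """Run the post's scenario on constructed data (not real certificates)."""
    utc = timezone.utc
    now = datetime(2013, 5, 26, tzinfo=utc)
    real = (b"constructed-real-cert", datetime(2014, 5, 26, tzinfo=utc))
    other = (b"constructed-second-cert", datetime(2014, 6, 1, tzinfo=utc))
    policy = FirstSeenPolicy()
    results = [policy.check("example.test", *real, now)]
    # A second CA-signed certificate appears a day later: rejected, whether
    # it is rogue or a legitimate early replacement by the site operator.
    later = datetime(2013, 5, 27, tzinfo=utc)
    results.append(policy.check("example.test", *other, later))
    # Once the first certificate is revoked, the replacement is accepted.
    policy.revoked.add(hashlib.sha256(real[0]).hexdigest())
    results.append(policy.check("example.test", *other, later))
    return results


if __name__ == "__main__":
    for accepted, reason in demo():
        print(accepted, reason)
```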
