Hi there, Dnia czwartek, 23 stycznia 2014 00:47:48 Tom Ritter pisze:
There are a lot of things like this, but the big question is: how does the user indicate to you which cert they want?
Can't they just get both certs and accept the one that works for them? I.e. John Doe would just accept the "vanilla" SSL cert; Joe R. Hacker's browser would have these blocked, but could accept a Monkeysphere-based one.
If it was via pubca.x.com or privca.x.com - that's easy just put the different certs in the different sites.
The idea is to have the same site.
But otherwise, you have to rely on quirks.
Ah, yes, quirks. ;)
TLS allows you to send different certs to different users, but this is based off the handshake and is for algorithm agility - not cert chaining. EG I send ECDSA signed certs if I know you can handle them, and RSA if not.
Oh, this is good. Differentiating between "vanilla" certs and "advanced/really secure" Monkeysphere-based certs via ciphers is neat. Thanks for the idea!
You can also send two leaf certs, two cert chains, a cert and garbage, a cert and a stego message - whatever. This is the closest to what you want, but this is undefined behavior.
Mhm.
Browsers may build a valid chain off the public CA, and monkeysphere off the private* and it works perfect... Or the browser may pop an invalid cert warning. It's undefined behavior. You'll have to test, see what happens, and hope chrome doesn't break when it updates every week.
So, sticking to the ciphersuite hack, which is elegant and bound to work. Thanks a bunch. -- Pozdr rysiek