I do agree with you griffin.
Usually, you don't need to really worry much about this. A normal good configuration for a server is to send the full chain, and software like certbot will configure it automatically to do so. And then on the client side, you can rely on your platform to maintain a good trust store (since Microsoft/Google/Apple/etc. keep it up to date) of current roots that you should trust. My understanding is that it's Android that's the oddball here, where somehow there are "current" systems that don't get security updates (such as trust store updates). (This really flabbergasts me, since if it's not getting security updates then what's in the trusted root store is the least of your problems.) But somehow it's a thing that people are needing to deal with, where they can't expect the trust store on Android devices to be up-to-date so they need to handle specifying what they trust in a bit more of a hands-on manner.
The other problem with trusting the intermediate certificates directly (not that I'm really trying to disagree with you again) is that you need to make sure to get all of them (in addition to needing to track changes more often). While new certificates are currently being signed with R3, they could switch to their disaster recovery R4 at any time with little-to-no notice. So you'd want to include X3, R3, R4, E1, and E2 right now. And doing all that is just making more work for yourself, when all you need to do is trust the roots that change less often. There might be some circumstances where it makes sense to worry about the intermediates, but in most cases you shouldn't care if Let's Encrypt came up with a new intermediate for every day.
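An added example, not written by anyone in this thread, of the intermediate-switch problem described above: a constructed hierarchy (hypothetical names, not Let's Encrypt's certificates) in which the issuing intermediate changes from A to B. It assumes the Python `cryptography` package and checks only issuer name and signature, not validity dates, revocation or constraints.

```python
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

def issue(cn, key, issuer_cn, issuer_key, is_ca):
    """Constructed test certificate for `cn`, signed by `issuer_key`."""
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    start = datetime.datetime(2021, 1, 1)
    return (x509.CertificateBuilder()
            .subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(start + datetime.timedelta(days=90))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def signed_by(cert, issuer):
    """True if `issuer` is the named issuer of `cert` and its key verifies the signature."""
    try:
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return False
    return cert.issuer == issuer.subject

def chain_trusted(chain, anchors):
    """Walk a served chain (leaf first) until some link is signed by a trust anchor."""
    for i, cert in enumerate(chain):
        if any(signed_by(cert, a) for a in anchors):
            return True
        if i + 1 == len(chain) or not signed_by(cert, chain[i + 1]):
            return False
    return False  # empty chain

def demo():  # hypothetical hierarchy: one root, current intermediate A, backup intermediate B
    k = {n: ec.generate_private_key(ec.SECP256R1()) for n in ("root", "a", "b", "leaf")}
    root = issue("Test Root", k["root"], "Test Root", k["root"], True)
    int_a = issue("Test Int A", k["a"], "Test Root", k["root"], True)
    int_b = issue("Test Int B", k["b"], "Test Root", k["root"], True)
    before = [issue("example.test", k["leaf"], "Test Int A", k["a"], False), int_a]
    after = [issue("example.test", k["leaf"], "Test Int B", k["b"], False), int_b]
    return {"pin A, before switch": chain_trusted(before, [int_a]),
            "pin A, after switch": chain_trusted(after, [int_a]),
            "pin A+B, after switch": chain_trusted(after, [int_a, int_b]),
            "trust root, after switch": chain_trusted(after, [root])}

if __name__ == "__main__": print(demo())
```

A client that pinned only intermediate A rejects the server once issuance moves to B, while a client anchored on the root accepts either chain without any change.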
I don't think Ruben needs to worry about E2 unless he's planning on using elliptic-curve cryptographic keys (and thus has no need to worry about ISRG Root X2 that only issues certificates for ECC keys). I fully agree with you about the hassle of needing to pin the RSA backup intermediates as well. Could you imagine having backup root certificates?
Well, I'm envisioning a future where elliptic curves become the default choice. Or maybe some engineer working on their server starts playing with the new certbot option to issue them. Almost everything supports ECC nowadays. So if you include the X2 root now while you're thinking about it, you don't need to worry about it later when it starts getting used for everything.
I completely agree though I hope something I design supersedes ECC too....
My area of cryptographic design relates to revocable biometric templates.