Re: [mosquitto-dev] Accepting connection based on client's certificate
Hi Greg,
Thanks for the answer. I'll add a little more context to the question.
Suppose the following situation:
 a) you have your own CA that issues certificates for clients 
connecting to mosquitto
 b) each certificate that is generated is securely stored by the CA
 c) common name in client's certificate is used for ACLs
Now let's consider that our CA's private key is compromised. That would 
mean we have two options:
 1) revoke and regenerate all client certificates
 2) ensure that even if an attacker uses the authority's private key and 
generates his own certificates, we can detect that
Option 1) might be costly and time consuming, would probably suffer from 
service interruptions, etc.
Option 2) does not have this problem, because we *know* the 
certificates that were legitimately signed by our CA, so we can just drop 
connections that look OK, but are actually created using the stolen private 
key. Of course, this is just a temporary workaround to give time to 
fully proceed with option 1), but it ensures that there is no time when 
an attacker can be harmful and that there are no disruptions for users.
Does that make sense?
Jan
On 10/29/19 1:17 PM, Greg Troxel wrote:
> I wonder if there are already libraries that have a notion of
> authorization for certificates.
> I wonder if you can use the name in the cert as the login name and then
> use the acl file.
> In general, it sounds like you are merging authentication and
> authorization, and that it is better to keep them logically separate.
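
Added example, not part of the thread and not mosquitto code: the option 2) check from the message above, where a certificate that chains to the CA is still rejected unless the CA recorded it at issuance. All names are hypothetical, the byte strings are constructed stand-ins for DER certificates, and `chain_ok` is assumed to come from the TLS library's normal chain validation.

```python
import hashlib
from enum import Enum


class Verdict(Enum):
    ACCEPT = "accept"
    REJECT_CHAIN = "reject: chain does not validate"
    REJECT_UNKNOWN_CN = "reject: CN was never issued"
    REJECT_NOT_ISSUED = "reject and alert: valid chain, known CN, unrecorded certificate"


def fingerprint(der: bytes) -> str:
    # SHA-256 over the full DER encoding, so a certificate with the same CN
    # but a different key or serial number gets a different fingerprint.
    return hashlib.sha256(der).hexdigest()


class IssuedRegistry:
    """Fingerprints recorded by the CA at issuance time, grouped by common name."""

    def __init__(self):
        self._issued = {}

    def record(self, cn: str, der: bytes) -> None:
        self._issued.setdefault(cn, set()).add(fingerprint(der))

    def check(self, chain_ok: bool, cn: str, der: bytes) -> Verdict:
        # After a CA key compromise a valid chain is necessary, not sufficient.
        if not chain_ok:
            return Verdict.REJECT_CHAIN
        known = self._issued.get(cn)
        if known is None:
            return Verdict.REJECT_UNKNOWN_CN
        if fingerprint(der) not in known:
            # Same CN as a real client (so the ACLs would match), different cert.
            return Verdict.REJECT_NOT_ISSUED
        return Verdict.ACCEPT


# Constructed byte strings standing in for DER-encoded certificates.
LEGIT_SENSOR = b"constructed-DER: CN=sensor-01, key A, issued by our CA"
FORGED_SENSOR = b"constructed-DER: CN=sensor-01, key B, signed with stolen CA key"
FORGED_NEW_CN = b"constructed-DER: CN=admin, key C, signed with stolen CA key"

registry = IssuedRegistry()
registry.record("sensor-01", LEGIT_SENSOR)

if __name__ == "__main__":
    for cn, der in [("sensor-01", LEGIT_SENSOR), ("sensor-01", FORGED_SENSOR), ("admin", FORGED_NEW_CN)]:
        print(cn, "->", registry.check(True, cn, der).value)
```

The `REJECT_NOT_ISSUED` case is the one worth alerting on: it can only occur when someone other than the CA's issuance process has signed a certificate for an existing client name.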