[gnutls-help] GnuTLS with TOFU verifies public keys, not certificates

Jens Lechtenboerger jens.lechtenboerger at fsfe.org
Thu Apr 17 22:11:07 CEST 2014


On Thu, 17 Apr 2014 14:44:57 -0400, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> said:

> On 04/17/2014 01:33 PM, Jens Lechtenboerger wrote:
>> It turns out that both certificates contain the same public key.
>> (Why would somebody do this?)

> presumably they did this because they have a key that they do not
> think has been compromised, but their certificate expired.

Both certificates were created this January, the previous one valid
for one year, the one to which they switched valid for three years.

Thanks for your input
Jens




More information about the Gnutls-help mailing list