Hacker News new | past | comments | ask | show | jobs | submit login

The idea here may be to invalidate certain add-ons after they have been released in the wild by revoking the certificates used to sign them.



Only one certificate was used for all add-ons, its expiration disabled all signed. No “certain add-ons” it was “all.”


Per the article, there is a separate "end-entity" certificate for each add-on. They were all signed by the same "intermediate" CA, however.


> They were all signed by the same "intermediate" CA, however.

And the expiration of that "intermediate" obviously should have not made already accepted add-ons stop working, in this specific use-case. It's not about establishing a new trusted communication channel for a new content, it's not about disabling some specific add-on.

Thinking logically, that was not the role of that immediate certificate.

So the behavior was clearly designed wrong, because completely wrong analogy was used -- that of creating a connection, where expired intermediate certificate should prevent the new connection, which could an transfer a new attack if not verified. Here the verification already happened, and the "ban" of a specific set of add-ons was also clearly not a case.

Additionally it seems the handling of the update of the expired intermediate was not the topic of the design at all.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: