Re: [gentoo-user] Heartbleed fix - question re: replacing self-signed certs with real ones

[Mick <michaelkintzios@gmail.com>]

[-- Attachment #1: Type: Text/Plain, Size: 4338 bytes --]

On Thursday 17 Apr 2014 15:40:04 Matti Nykyri wrote:
> On Apr 17, 2014, at 9:10, Mick <michaelkintzios@gmail.com> wrote:
> > On Wednesday 16 Apr 2014 18:56:57 Tanstaafl wrote:
> >> On 4/16/2014 7:14 AM, Matti Nykyri <matti.nykyri@iki.fi> wrote:
> >>> On Apr 16, 2014, at 13:52, Tanstaafl <tanstaafl@libertytrek.org> wrote:
> >>>> Or will simply replacing my self-signed certs with the new real ones
> >>>> be good enough?
> >>> 
> >>> No it will not. Keys are te ones that have been compromised. You need
> >>> to create new keys. With those keys you need to create certificate
> >>> request. Then you send that request to certificate authority for
> >>> signing and publishing in their crl. When you receive the signed
> >>> certificate you can start using it with your key. Never send your key
> >>> to CA or expect to get a key from them.
> >> 
> >> Ok, thanks...
> >> 
> >> But... if I do this (create a new key-pair and CR), will this
> >> immediately invalidate my old ones (ie, will my current production
> >> server stop working until I get the new certs installed)?
> > 
> > You have not explained your PKI set up.  Creating a new private key and
> > CSR is just another private key and CSR.
> > 
> > If you replace either the private CA key on the server, or any of its
> > certificates chain, but leave the path in your vhosts pointing to the old
> > key/certificate that no longer exist you will of course break the server.
> > Apache will refuse to restart and warn you about borked paths.
> > 
> >> I'm guessing not (or else there would be a lot of downtime for lots of
> >> sites involved) - but I've only ever done this once (created the
> >> key-pair, CR and self-signed keys) a long time ago, so want to make sure
> >> I don't shoot myself in the foot...
> > 
> > Yes, better be safe with production machines.  However, don't take too
> > long because your private key(s) are potentially already compromised.
> > 
> >> I have created new self-=signed certs a couple of times since creating
> >> the original key-pair+CR, but never created a new key-pair/CR...
> >> 
> >>> There are also other algorithms the RSA. And also if you wan't to get
> >>> PFS you will need to consider your setup, certificate and security
> >>> model.
> >> 
> >> What is PFS?
> >> 
> >  http://en.wikipedia.org/wiki/Forward_secrecy
> > 
> > I'm no mathematical genius to understand cryptography at anything more
> > than a superficial level, but I thought that ECDS, that PFS for TLS
> > depends on, was compromised from inception by the NSA?  Perhaps only
> > some ECDS were, I am not really sure.
> 
> I don't know anything about ECDS. You probably mean ECDSA?! What i have
> understood is that ECDSA is not compromised. Though I can not be certain
> about that.
> 
> RSA has been in the market for a long time and the mathematics are for what
> i think a bit simpler. But with compromised software there was a bad
> algorithm for creating the primes. So it was the keys not RSA it self. But
> I think the thing that you are talking about is DHE_RSA... I read from
> somewhere that it was quite compromised.. But ECDHE is not. The difference
> with DH and DHE (ECDH and ECDHE) is that DH uses static keys and DHE
> authenticated ephemeral keys. These temporary keys give you forward
> secrecy but decrease performance.
> 
> RSA takes quite heavy computing for the same level of security compared to
> ECDSA. RSA key creation is even more costly so using ephemeral temporary
> keys with RSA takes quite long to compute. Thats why I prefer ECDHE_ECDSA
> suites for reasonable security and fast encryption.
> 
> > I remember reading somewhere (was it Schneier?) that RSA is probably a
> > better bet these days.  I'd also appreciate some views from the better
> > informed members of the list because there's a lot of FUD and tin hats
> > flying around in the post Snowden era.
> 
> For high security application I would also use RSA in excess of 16k keys.
> Then make sure to use random data and a trustworthy key-generator.
> Fighting the agencies is still something I believe is virtually impossible
> ;)

Thanks Matti,

Can you please share how you create ECDHE_ECDSA with openssl ecparam, or ping 
a URL if that is more convenient?

-- 
Regards,
Mick

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 490 bytes --]