[Cryptech Core] cryptech.is TLS server certificate changed (HeartBleed)

Rob Austein sra at hactrn.net
Tue Apr 8 17:20:49 UTC 2014


At Wed, 09 Apr 2014 00:45:43 +0800, Randy Bush wrote:
> 
> >> send new tlsa rr
> > Unchanged.
> 
> ahhh.  you used ca's cert

Beginning to see why? :)

That said, (potential) key compromise is tricky, as one really wants
revocation.  CRLs have been around forever, but outside of things like
RPKI, nobody uses them very much.  OCSP has potential, particularly
with stapling, but has a nasty 24x7 reachability requirement for the
OCSP server(s) (fortunately, they look fairly easy to replicate).

DANE doesn't help all that much here, although RRSIG expiration (like
expiration of the certificates themselves) will eventually destroy the
signed path to the compromised keys.  Just not quickly unless one uses
aggressively short validity periods, which have their own problems.

I'm currently considering OCSP with stapling as best of a bad set of
choices.  Apache 2.4 supposedly supports stapling, and the major
browsers supposedly support OCSP in one form or another.  Not sure how
many MTAs do, but SMTP is probably stuck in the land of opportunistic
encryption for a long time yet to come; Postfix (at least) has other
mechanisms (e.g., key fingerprints), which don't scale to global scale
but are probably sufficient for current needs.

I've held off on OCSP until now because of the inherent fragility.
HeartBleed may require me to rethink that.
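Added example, not part of this message or the cryptech project: a stdlib-only Python walk-through of which bytes a TLSA record (RFC 6698) actually commits to, which is why the record in the quoted exchange came back unchanged when it pinned the CA's certificate rather than the server's own key. The `der` encoder, `toy_cert` and every key and signature byte are constructed stand-ins, not real certificates.

```python
import hashlib

def der(tag, body):
    """Encode one DER TLV (short- and long-form lengths)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def der_tlv(buf, pos=0):
    """Decode the TLV at pos; return (tag, value, raw_tlv, next_pos)."""
    tag, length, p = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, p = int.from_bytes(buf[p:p + n], "big"), p + n
    return tag, buf[p:p + length], buf[pos:p + length], p + length

def tbs_fields(cert_der):
    """Raw TLVs of tbsCertificate (RFC 5280) minus the optional [0] version."""
    _, cert, _, _ = der_tlv(cert_der)   # Certificate ::= SEQUENCE
    _, tbs, _, _ = der_tlv(cert)        # tbsCertificate ::= SEQUENCE
    out, p = [], 0
    while p < len(tbs):
        tag, _, raw, p = der_tlv(tbs, p)
        if tag != 0xA0:
            out.append(raw)
    return out

def tlsa_rdata(cert_der, usage, selector, mtype):
    """TLSA presentation form: usage selector matching-type association-data-hex."""
    # selector 0 = whole certificate; 1 = subjectPublicKeyInfo (6th TBS field)
    data = cert_der if selector == 0 else tbs_fields(cert_der)[5]
    if mtype == 1:
        data = hashlib.sha256(data).digest()
    elif mtype == 2:
        data = hashlib.sha512(data).digest()
    return f"{usage} {selector} {mtype} {data.hex()}"

def toy_cert(subject, spki_key):
    """Constructed, unsigned stand-in with the real TBS field order (not a valid cert)."""
    seq = lambda *parts: der(0x30, b"".join(parts))
    tbs = seq(der(0xA0, der(0x02, b"\x02")), der(0x02, b"\x01"), seq(der(0x06, b"\x2a")),
              seq(der(0x13, b"CA")), seq(der(0x17, b"140408000000Z"), der(0x17, b"150408000000Z")),
              seq(der(0x13, subject)), seq(der(0x06, b"\x2a"), der(0x03, b"\x00" + spki_key)))
    return seq(tbs, seq(der(0x06, b"\x2a")), der(0x03, b"\x00sig"))

# Constructed sample: the CA, and the server certificate before and after a re-key.
CA = toy_cert(b"CA", b"ca-key")
EE_OLD, EE_NEW = toy_cert(b"cryptech.is", b"key-1"), toy_cert(b"cryptech.is", b"key-2")
# DANE-TA "2 0 1" hashes CA alone, so a server re-key leaves it unchanged and still
# validates the old key; DANE-EE "3 1 1" hashes the server SPKI and must be republished.
```

A record that survives a re-key untouched is exactly the revocation gap the message describes: until the old certificate's path expires, DANE-TA alone says nothing about whether the compromised key has been retired.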
