[kevin_nisbet]

Yea, I equate it to part of security theater.

I worked on a product that rotated the TLS certificate frequently. And it actually showed up a number of times in questions from customers or vendor security questionnaires about whether we rotated the certificates and how that happened.

But what we were never asked was whether old certificates were cancelled... which in that system they were not. So it didn't matter how many times we rotated our secrets, any old or leaked secret in a backup or elsewhere was still completely valid. But we had met the security theater that those rotations happened.

So I expect what you do, is that changing a password would cancel all sessions using that credential. But that's kind of hard to do, so we'll just leave that side buggy and untested, because we did the important part of the theater that said we can change passwords.

[groestl]

> So it didn't matter how many times we rotated our secrets

I'm confused, did you rotate your certs or your secrets?

[kevin_nisbet]

Sorry about the imprecise language, this system rotated both together.

[franga2000]

Can you do one without the other? The public key is derived from the secret/private key, so changing one means also changing the other...

[groestl]

But a (public key) certificate is not a public key. A cert is a public key A (to private key a), signed by another key b, of which public key B is known. To rotate a cert means resigning the public key A (which is still derived from the same private key a).

Edit: relevant, especially flow2k's answer, which explains why this is _not_ just security theater https://security.stackexchange.com/questions/85963/what-is-t...

[franga2000]

Ah, so basically just renewing before it's due, that makes sense. For some reason it didn't occur to me that rotate could mean that too.

This does still leave the problem of the old certs being valid though. This only makes sense as a security practice if the certs are short-lived, which theirs apparently weren't. If the certs live much longer than the rotation window, this really is just security theatre.

I do think thaumasiotes has a point and GP's company probably misinterpreted the rotation requirements and short lifespans were implied in the requirement.

[groestl]

> If the certs live much longer than the rotation window, this really is just security theatre.

That's very true.

> and GP's company probably misinterpreted the rotation requirements and short lifespans were implied in the requirement.

Or GP didn't know that the company was indeed using short expiration times, and somehow confused it with certificate revocation (called "cancelled" in the post).

[charcircuit]

The private key of a cert is a secret that is not reused between certs.

[comprambler]

The private key is definitely reused between certs unless you go through a process of rekeying which requires a new CSR.

[charcircuit]

It's technically possible to reuse it, but letsencrypt / certbot do not reuse it by default. You have to go out of your way and do extra work to reuse a CSR when renewing a cert.

[woodruffw]

The original poster didn't mention LE or anything else that uses ACME. It's pretty easy to reuse a key in a bespoke PKI setup; the X.509 builder APIs that I've used make it trivial. Which doesn't make it a good idea, of course.

[groestl]

Says who?

[thaumasiotes]

> But what we were never asked was whether old certificates were cancelled... which in that system they were not. So it didn't matter how many times we rotated our secrets, any old or leaked secret in a backup or elsewhere was still completely valid. But we had met the security theater that those rotations happened.

Huh? You haven't "rotated" your credentials until the old ones are invalidated. Adding new credentials isn't a rotation.