[Ovmsdev] Urgent TLS root certificate issue (Let's Encrypt)

HONDA S2000 s2000 at audiobanshee.com
Thu Sep 30 12:42:52 HKT 2021


Sorry to jump in the middle (end?) of a long thread...

Working on another system at work a couple of years ago with embedded security, I recall a couple of topics from the design meetings.

1) Certificate handling should be designed to allow for a transition period where two equivalent certificates are valid at the same time. That's because it's almost impossible to roll out a certificate change in the deployed fleet if only one can be valid at a time. The duration of the overlap needs to be long enough for all systems to transition, and only then can the old certs be removed.

2) Intermediate certificates are what enables these changes. The top or root cert is usually too protected to allow easy changes, or managed by another entity, so the team / project gets an intermediate that can be used to sign multiple leaf certs with varying expirations.

Leaf certs change relatively quickly, while intermediates change relatively infrequently. In both cases, some overlap time needs to be supported. I suppose this means that the root cert also needs a plan for transition that doesn't abruptly cut off all working systems.

Unfortunately, you probably already know all of this, and I'm just not familiar with how OVMS handles certs. But basically, I'm wondering whether a smoother transition can be designed around the *next* expiration. ... or is this something that Let's Encrypt didn't plan for?

Brian Willoughby



More information about the OvmsDev mailing list