Comment by glitchc
15 hours ago
You're clearly not using these keys in certificates, which would need to be signed by a root or interim CA on every update.
15 hours ago
You're clearly not using these keys in certificates, which would need to be signed by a root or interim CA on every update.
Correct. The keys are only used for signing JWTs. Trust was established with the vendor out of band from this wire protocol (the URL they scan for public keys).
I'm not sure I understand, but haven't you just moved the problem to the out of band layer? And is that layer not secured using the same normal (somewhat) long-lived TLS as most sites?
I don't think I understand the threat model you are using here?