Re: [Acme] HPKP in ACME
Alan Doherty <ietf@alandoherty.net> Mon, 13 February 2017 20:34 UTC
Return-Path: <ietf@alandoherty.net>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EA80D12940F for <acme@ietfa.amsl.com>; Mon, 13 Feb 2017 12:34:42 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_FAIL=0.001, SPF_HELO_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ohxKCtzPaZ4R for <acme@ietfa.amsl.com>; Mon, 13 Feb 2017 12:34:41 -0800 (PST)
Received: from bigsvr.orionnetworks.ie (hosting.orionnetworks.ie [195.2.202.63]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 45FED129585 for <acme@ietf.org>; Mon, 13 Feb 2017 12:29:25 -0800 (PST)
Received: from host249.freudenhaus.alandoherty.net ([193.120.128.249]:3254 helo=alans-p4.alandoherty.net) by bigsvr.orionnetworks.ie with esmtpsa(TLSv1:DHE-RSA-AES256-SHA:256) (auth-as tel1) (nexus 1.3.4.80.1) (envelope-from <ietf@alandoherty.net>) id 1cdNAu-0004fm-Pz ; Mon, 13 Feb 2017 20:24:42 +0000
X-AD-RPFS-HEAD: for info on below codes http://www.alandoherty.net/mailsystem/mail-tagging/
X-AD-RPFS-GOOD-0: AV-SCAN-PASS SA-SCORE--1.6 SA-BAR-(-)
X-Mailer: QUALCOMM Windows Eudora Version 7.1.0.9
Date: Mon, 13 Feb 2017 20:29:10 +0000
To: Clint Wilson <clint.t.wilson@gmail.com>, Jacob Hoffman-Andrews <jsha@eff.org>, "acme@ietf.org" <acme@ietf.org>, Martin Thomson <martin.thomson@gmail.com>
From: Alan Doherty <ietf@alandoherty.net>
In-Reply-To: <CAJ=cBg3pPYt1trws39WFjhijbb_eCTgCm=W80SvW52d+LB49JQ@mail.g mail.com>
References: <81377754-e24d-269d-0f48-ba37e55f8942@eff.org> <CAJ=cBg3pPYt1trws39WFjhijbb_eCTgCm=W80SvW52d+LB49JQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <E1cdNAu-0004fm-Pz@bigsvr.orionnetworks.ie>
X-VIRUS: NONE {no virus found, This is no guarentee}
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/oq4vEJB1mj6gdWt9TCtY1puVgsg>
Subject: Re: [Acme] HPKP in ACME
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Feb 2017 20:34:43 -0000
I would concur that clients should endeavour to support (and thusly CAs can consider using in future, when support is available in wider librarys) but because of the risks they should only consider doing so if/when all their processes are in place to ensure failures can't occur but how best to word that i don't know At 20:09 13/02/2017 Monday, Clint Wilson wrote: >I would definitely support removing ", and servers SHOULD emit pinning headers", especially because of the footgun risk you indicated, but I think there is some merit in continuing to recommend support for HPKP on the client side. > >On Mon, Feb 13, 2017 at 12:33 PM Jacob Hoffman-Andrews <<mailto:jsha@eff.org>jsha@eff.org> wrote: >Martin brought up a section I've been considering removing: > >> Clients SHOULD support HTTP public key pinning [RFC7469], and servers >SHOULD emit pinning headers. > >Here's my reasoning: > >- Public key pinning isn't implemented in most HTTPS libraries outside >of browsers, so this is a considerable burden on implementers. >- Public key pinning carries a fairly high risk of footgunning. The >consequence of a failed pin for a CA that serves many ACME clients would >be that some of those clients would fail to renew their certs, causing >cascading breakage. >- There is relatively little confidential information conveyed in ACME, >and there are other defenses built into ACME (like including the account >key as part of the challenge data), so HPKP is not strongly necessary. > >Any objections? > >PR to remove: <https://github.com/ietf-wg-acme/acme/pull/244>https://github.com/ietf-wg-acme/acme/pull/244 > >_______________________________________________ >Acme mailing list ><mailto:Acme@ietf.org>Acme@ietf.org >https://www.ietf.org/mailman/listinfo/acme > >_______________________________________________ >Acme mailing list >Acme@ietf.org >https://www.ietf.org/mailman/listinfo/acme
- [Acme] HPKP in ACME Jacob Hoffman-Andrews
- Re: [Acme] HPKP in ACME Clint Wilson
- Re: [Acme] HPKP in ACME Alan Doherty
- Re: [Acme] HPKP in ACME Daniel McCarney
- Re: [Acme] HPKP in ACME Richard Barnes
- Re: [Acme] HPKP in ACME Daniel McCarney
- Re: [Acme] HPKP in ACME Josh Soref
- Re: [Acme] HPKP in ACME Daniel McCarney
- Re: [Acme] HPKP in ACME Daniel McCarney
- Re: [Acme] HPKP in ACME Russ Housley
- Re: [Acme] HPKP in ACME Aaron Zauner
- Re: [Acme] HPKP in ACME Peter Eckersley
- Re: [Acme] HPKP in ACME Aaron Zauner
- Re: [Acme] HPKP in ACME Nadim Kobeissi
- Re: [Acme] HPKP in ACME Aaron Zauner