Re: [Acme] HPKP in ACME
Clint Wilson <clint.t.wilson@gmail.com> Mon, 13 February 2017 20:10 UTC
I would definitely support removing ", and servers SHOULD emit pinning headers", especially because of the footgun risk you indicated, but I think there *is* some merit in continuing to recommend support for HPKP on the client side.

On Mon, Feb 13, 2017 at 12:33 PM Jacob Hoffman-Andrews <jsha@eff.org> wrote:

> Martin brought up a section I've been considering removing:
>
> > Clients SHOULD support HTTP public key pinning [RFC7469], and servers
> > SHOULD emit pinning headers.
>
> Here's my reasoning:
>
> - Public key pinning isn't implemented in most HTTPS libraries outside
> of browsers, so this is a considerable burden on implementers.
> - Public key pinning carries a fairly high risk of footgunning. The
> consequence of a failed pin for a CA that serves many ACME clients would
> be that some of those clients would fail to renew their certs, causing
> cascading breakage.
> - There is relatively little confidential information conveyed in ACME,
> and there are other defenses built into ACME (like including the account
> key as part of the challenge data), so HPKP is not strongly necessary.
>
> Any objections?
>
> PR to remove: https://github.com/ietf-wg-acme/acme/pull/244
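The client-side behaviour discussed in this message, as an added example that is not part of the original e-mail or of the ACME draft: a minimal RFC 7469 pin store showing how a cached pin set stops a client from reaching its CA once the server key moves outside that set. `PinStore`, the host `ca.example` and the SPKI byte strings are hypothetical and constructed for illustration.

```python
import base64
import hashlib

def spki_pin(spki_der):
    """RFC 7469 pin: base64(SHA-256(DER SubjectPublicKeyInfo))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_pkp(header):
    """Parse a Public-Key-Pins header value into (set of pins, max-age)."""
    pins, max_age = set(), None
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        value = value.strip().strip('"')
        if name.lower() == "pin-sha256":
            pins.add(value)
        elif name.lower() == "max-age" and value.isdigit():
            max_age = int(value)
    return pins, max_age

class PinStore:  # hypothetical per-host pin cache, not a real library API
    def __init__(self):
        self.hosts = {}  # host -> (pins, expiry time in seconds)

    def note(self, host, header, chain_spkis, now):
        """Cache pins only when the header passes RFC 7469's noting rules."""
        pins, max_age = parse_pkp(header)
        chain = {spki_pin(s) for s in chain_spkis}
        # Needs max-age, one pin in the current chain, and one backup pin outside it.
        if max_age is None or not (pins & chain) or not (pins - chain):
            return False
        self.hosts[host] = (pins, now + max_age)
        return True

    def check(self, host, chain_spkis, now):
        """Return True if the connection to host may proceed."""
        pins, expiry = self.hosts.get(host, (set(), 0))
        if now >= expiry:
            return True  # no pins cached, or they have expired
        return bool(pins & {spki_pin(s) for s in chain_spkis})

def demo():
    # Constructed stand-ins for DER SPKI bytes; "ca.example" is a placeholder host.
    old, backup, new = b"spki-old", b"spki-backup", b"spki-unpinned"
    header = 'pin-sha256="%s"; pin-sha256="%s"; max-age=5184000' % (spki_pin(old), spki_pin(backup))
    store = PinStore()
    noted = store.note("ca.example", header, [old], now=0)
    return {"noted": noted,
            "rotate_to_backup": store.check("ca.example", [backup], 86400),
            "rotate_unpinned": store.check("ca.example", [new], 86400),
            "after_max_age": store.check("ca.example", [new], 5184000)}
```

The `rotate_unpinned` result is the failed-pin case from the quoted reasoning: until `max-age` elapses, a client holding the old pin set refuses the connection and cannot renew.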