Re: [ietf-privacy] [websec] HPKP and privacy
Chris Palmer <palmer@google.com> Wed, 10 July 2013 20:36 UTC
Return-Path: <palmer@google.com>
X-Original-To: ietf-privacy@ietfa.amsl.com
Delivered-To: ietf-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B724021F9B58 for <ietf-privacy@ietfa.amsl.com>; Wed, 10 Jul 2013 13:36:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.253
X-Spam-Level:
X-Spam-Status: No, score=-1.253 tagged_above=-999 required=5 tests=[AWL=0.725, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BiUEXsDFKEh6 for <ietf-privacy@ietfa.amsl.com>; Wed, 10 Jul 2013 13:36:33 -0700 (PDT)
Received: from mail-ve0-x22a.google.com (mail-ve0-x22a.google.com [IPv6:2607:f8b0:400c:c01::22a]) by ietfa.amsl.com (Postfix) with ESMTP id DBE5321F963C for <ietf-privacy@ietf.org>; Wed, 10 Jul 2013 13:36:16 -0700 (PDT)
Received: by mail-ve0-f170.google.com with SMTP id 14so6518661vea.1 for <ietf-privacy@ietf.org>; Wed, 10 Jul 2013 13:36:14 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=0Gv/ORY5nF5bEBkpPRSrvRlrNNmjWJXfHD0ikrls7mY=; b=OhDBpzCooAS7TNa3K1c4AqAmdquaAAo/MyOSO92blBGTIKT7w2dCom+3QaUxkXF+8J i1qlqPVbjMqfRdcFKZr9zrIYHdeoMFS2HccZh4GnMRsw/42uh97cvCcR+PetctldaynP LfDAz/YT29ZYI1FjltA4DnNNZVJNCY9qLqpOyJwO/6gL//40IX/4CGOD05iH7IcBo8sk 9T70HNSUeaLpFQHB44ufO0RElhk5D2ies5aamsO+P80qnyk8JBbLWe4oSMhLNlNJWHEJ 7/oyqyWrxFTxFKnSN3GF/VxWVXiqNRNB3A3MHuJeSZXhuniK8VTOx9+G6KOm4h1D4U5g lzPQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=0Gv/ORY5nF5bEBkpPRSrvRlrNNmjWJXfHD0ikrls7mY=; b=cdShP5aI4rFPlhitrCC9jV8FSTrXUgeKCC2vt0pHpg11yBhuZOEVppN2/Rflm1SUNn 1iqyWyZAsO6eMItKUE5JDGq6JRuwINUxjGLEbT9EgZTv7XiOpQdHoKlG66DQm6J/Tavj +7xi8hY7JtIsqw8U66FSbobBzMdQi0qQ7NMFsRi/o2Gkyrco2ZE0wV/laSEZvYdb8eif JWosJnwbobhtBqLZI0wH+BzeBWdS2fp7Vi1OLj8h/PkrRuzfakBLy9ruzjAAbW8XI6zj tnkaeJYLgCd9pDlnf2mXQrSl+YPR2ec2p1Nh9p7KfgaOSzpzY2OLeMcZ6OqEbH539kJ8 v0Kw==
MIME-Version: 1.0
X-Received: by 10.52.25.69 with SMTP id a5mr16785395vdg.99.1373488574788; Wed, 10 Jul 2013 13:36:14 -0700 (PDT)
Received: by 10.220.108.135 with HTTP; Wed, 10 Jul 2013 13:36:14 -0700 (PDT)
In-Reply-To: <CAOe4Ui=j+SEF_JVtFLc63CJr5YaLep_K4M3BqqOiLY+2SPJE3A@mail.gmail.com>
References: <CAOe4UimnDeEU3BHwy5KrCOi=4KxLPRuuKZRHQv49s1_BNg44Ww@mail.gmail.com> <51C7F08F.2090205@gondrom.org> <CAOe4Ui=Teo77EG3r+gsfeAVsHoykOsG=2cV8xVkiw+3SNoUvrg@mail.gmail.com> <CA+cU71nEPm95MLPAcgDjFdzuR5eLT98+-WEsxpfSbH+dHq81UA@mail.gmail.com> <CAOuvq20A+KZv+O=Hp2jqZw8-j0oKzVVTJR=d7H=tkA9rADJzUg@mail.gmail.com> <CAOe4Ui=j+SEF_JVtFLc63CJr5YaLep_K4M3BqqOiLY+2SPJE3A@mail.gmail.com>
Date: Wed, 10 Jul 2013 13:36:14 -0700
Message-ID: <CAOuvq23Q6BGRKwq2z3r9Pr7PZRKs9OGnC7xRhUU_fcczSNx34g@mail.gmail.com>
From: Chris Palmer <palmer@google.com>
To: Joseph Bonneau <jbonneau@gmail.com>, ietf-privacy@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQleGVBR/H1oHk4wi5VRBGV7KFivvynJOkNaU01g1uM+JRXQTFUyTTnBvk2fAuoaBDzsltYGkqYhJ7z4rcPe68a4b+SAAjUVRfd6dKMKXuNJd/PvMLEG0CM8sx0p0u5GlSXuzuhE9g5R68EqQpiOk7NJ0ZrFaTiVut8zIpG1hGXUDEM4byKyMTKsohDSutVKKlCtLZGX
X-Mailman-Approved-At: Mon, 15 Jul 2013 11:46:57 -0700
Cc: IETF WebSec WG <websec@ietf.org>, Tom Ritter <tom@ritter.vg>
Subject: Re: [ietf-privacy] [websec] HPKP and privacy
X-BeenThere: ietf-privacy@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Internet Privacy Discussion List <ietf-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-privacy>
List-Post: <mailto:ietf-privacy@ietf.org>
List-Help: <mailto:ietf-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-privacy>, <mailto:ietf-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Jul 2013 20:36:33 -0000
On Tue, Jul 9, 2013 at 3:54 PM, Joseph Bonneau <jbonneau@gmail.com> wrote: >> Yes. Unfortunately, I don't see a way to have both HPKP and automatic >> defense against this kind of super-cookie. The problem exists for >> HSTS, too. > > I agree, but there are two things user agents SHOULD do at a minimum: (a) > clear pins for domains whenever other domain-specific information is cleared > for privacy reasons (delete history since time N, or private browsing mode) We currently have decided NOT to do this for HSTS. You can see the somewhat tortured history of the behavior in Chrome here: https://code.google.com/p/chromium/issues/detail?id=104935 Chrome's Incognito mode is an easy way to get Chrome to not persistently store any local state (thus defeating a wide range of super-cookie techniques, including but not limited to ETag, HSTS, HPKP, cache hit/miss timing). If you are concerned about privacy side-effects from local state, use Incognito. (Also, it behooves me to refer to the official Incognito documentation: https://support.google.com/chrome/answer/95464?hl=en) > (b) not store pins in cases where cookies will not be rejected for privacy > reasons (such as third-party cookie blocking policies). I don't think these > are obvious to implementers so I would like to seem them in the spec. I'm not sure what you mean here. Did you mean to write, "not store pins in cases where cookies WILL be rejected for privacy reasons"? Note that the HSTS and HPKP super-cookie is primarily useful for *recovering* a previously-set but then deleted cookie — it does not by itself allow the server to *easily* correlate requests, only to laboriously recover a thing (like a cookie) that does. So if the UA is blocking (say) third-party cookies anyway, the HSTS/HPKP super-cookie technique might not work too well for the third-party adversary. Or at least not as well as other techniques that are already available. I believe we are in the privacy margins here. Incognito mitigates the concern; blocking third-party cookies somewhat mitigates the concern; N-host HSTS/HPKP super-cookies are (probably? I think?) not the most efficient of the many available super-cookie techniques; I assume everyone likes the report-uri feature and that we don't want to get rid of it; et c. As far as I know, the ETag/Last-Modified super-cookie technique is unsolved (http://www.nikcub.com/posts/persistant-and-unblockable-cookies-using-http-headers), and much more straightforward for implicit-tracking adversaries to use.