Re: [saag] On PKI vs. Pinning (SAAG 108 preview)
Michael Richardson <mcr+ietf@sandelman.ca> Sun, 23 August 2020 20:38 UTC
Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA51F3A0E4F for <saag@ietfa.amsl.com>; Sun, 23 Aug 2020 13:38:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.001
X-Spam-Level:
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5 tests=[SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aOY01FJc5Ig9 for <saag@ietfa.amsl.com>; Sun, 23 Aug 2020 13:38:32 -0700 (PDT)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [IPv6:2607:f0b0:f:3:216:3eff:fe7c:d1f3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7B0E03A0B4E for <saag@ietf.org>; Sun, 23 Aug 2020 13:38:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id 93F04389D4 for <saag@ietf.org>; Sun, 23 Aug 2020 16:17:34 -0400 (EDT)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id f6nNdI1-uz4h for <saag@ietf.org>; Sun, 23 Aug 2020 16:17:32 -0400 (EDT)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id 97D22389CA for <saag@ietf.org>; Sun, 23 Aug 2020 16:17:31 -0400 (EDT)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id 258855ED for <saag@ietf.org>; Sun, 23 Aug 2020 16:38:27 -0400 (EDT)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: saag@ietf.org
In-Reply-To: <20200822014328.GI37427@straasha.imrryr.org>
References: <20200728191331.GV41010@kduck.mit.edu> <20200822014328.GI37427@straasha.imrryr.org>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sun, 23 Aug 2020 16:38:27 -0400
Message-ID: <32690.1598215107@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/Lk0iZYlPnOyLj41UJoWlRtdlX1g>
Subject: Re: [saag] On PKI vs. Pinning (SAAG 108 preview)
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 23 Aug 2020 20:38:35 -0000
Viktor Dukhovni <ietf-dane@dukhovni.org> wrote: >> Is there benefit in arranging for a description of the system where >> the ability to pin is just a degenerate case of a PKI, with a single >> trust anchor and no real hierarchy? > FWIW, I should mention that the DANE support in OpenSSL (since 1.1.0) is > really just support for verifying a certificate chain against a list of > EE and/or TA pins. The pins need not come from DNS, and DNSSEC is not > required to use the "DANE" in OpenSSL. How the application obtains the > pin values is not OpenSSL's concern. > The PKIX-TA and PKIX-EE pins are second factors, while the DANE-TA > and DANE-EE pins are bypass verification via the usual root CA > store, and use only the pins to validate the chain. There are some terms here that I want to lift up: 1) PKIX-TA 2) PKIX-EE 3) DANE-TA 4) DANE-EE I think that the "DANE" in (3) and (4) are not, (as is pointed out in by Viktor), specifically DNS/DNSEC, but rather the point is that they aren't descending from a *PKIX* trust anchor. That there are four ways to pin seems consistent with other comments on this thread. It seems to me that having a short document that explains the four methods would be a useful thing to do. Are there more than four? Maybe. > Thus, for example, in Postfix the following all use the same underlying > "DANE" (really general-purpose pinning) API. > - The "fingerprint" security level that verifies the peer > against a static locally configured list of acceptable > certificate or public key fingerprints. > - The "secure" level with a local per-destination "tafile", > which pins acceptable (possibly intermediate) issuer > certificates or public keys. The chain must be signed > by an issuer that matches one of the pins. > - The "dane" level, where the "pins" take the form of > dynamically obtained DNSSEC-validated TLSA records, > which can be a mixture of EE and TA pins. These have different security properties, and maybe represent two additional forms of pin. > So if an OpenSSL application wants to implement pinning that > either replaces or augments WebPKI validation, the code is > already there in OpenSSL, in the form of support for "DANE", > but perhaps it is not correctly "marketed". It is a really > a fairly general framework for validating certificate chains > against a list of "pins" ("OR" rather than "AND" semantics, > success when any *one* of the pins works out). Stephen Farrel mentioned the banking app that comes with a pin. I think that such a an app would like to know that it is not getting through due to Enterprise audit-based MITM, or National-Firewall MITM. Of course, it could also be another attacker, and RFC7258 in many ways labels the above as attacks. Someone using that app might want to ask their bank about what kind of pin they are using, and they might like to get back a clear answer. -- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] mcr@sandelman.ca http://www.sandelman.ca/ | ruby on rails [ -- Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works -= IPv6 IoT consulting =-
- Re: [saag] height of PKI Russ Housley
- [saag] On PKI vs. Pinning (SAAG 108 preview) Benjamin Kaduk
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Stephen Farrell
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Benjamin Kaduk
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Stephen Farrell
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Ben Laurie
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Stephen Farrell
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Salz, Rich
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Carsten Bormann
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Ben Laurie
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Stephen Farrell
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Nico Williams
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Benjamin Kaduk
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Eric Rescorla
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Peter Gutmann
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Yaron Sheffer
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Richard Barnes
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Daniel Migault
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Martin Thomson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Christian Huitema
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Yaron Sheffer
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Yaron Sheffer
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Viktor Dukhovni
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Nico Williams
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Nico Williams
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Viktor Dukhovni
- [saag] height of PKI Michael Richardson
- Re: [saag] height of PKI Viktor Dukhovni
- Re: [saag] height of PKI Michael Richardson
- Re: [saag] height of PKI Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Nico Williams
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Eric Rescorla
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Stephen Farrell
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Michael Richardson
- Re: [saag] On PKI vs. Pinning (SAAG 108 preview) Stephen Farrell