IETF Logo Mail Archive

Re: [saag] Pinning

Steven Bellovin <smb@cs.columbia.edu> Wed, 06 June 2012 02:41 UTC

Return-Path: <smb@cs.columbia.edu>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BFA121F865F for <saag@ietfa.amsl.com>; Tue, 5 Jun 2012 19:41:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.599
X-Spam-Level:
X-Spam-Status: No, score=-6.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DQGUYXRRa3f3 for <saag@ietfa.amsl.com>; Tue, 5 Jun 2012 19:41:20 -0700 (PDT)
Received: from salak.cc.columbia.edu (salak.cc.columbia.edu [128.59.29.6]) by ietfa.amsl.com (Postfix) with ESMTP id 65DA321F865B for <saag@ietf.org>; Tue, 5 Jun 2012 19:41:20 -0700 (PDT)
Received: from [10.9.0.230] (fireball.cs.columbia.edu [128.59.13.10]) (user=smb2132 mech=PLAIN bits=0) by salak.cc.columbia.edu (8.14.4/8.14.3) with ESMTP id q562fDjr028465 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NOT); Tue, 5 Jun 2012 22:41:13 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset="us-ascii"
From: Steven Bellovin <smb@cs.columbia.edu>
In-Reply-To: <4FCE6431.6050808@ieca.com>
Date: Tue, 05 Jun 2012 22:41:13 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <FEFFE3A6-EAA7-477D-A12C-B78CACC0AA99@cs.columbia.edu>
References: <4FCE6431.6050808@ieca.com>
To: Sean Turner <turners@ieca.com>
X-Mailer: Apple Mail (2.1278)
X-No-Spam-Score: Local
X-Scanned-By: MIMEDefang 2.68 on 128.59.29.6
Cc: saag@ietf.org
Subject: Re: [saag] Pinning
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/saag>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2012 02:41:21 -0000

On Jun 5, 2012, at 3:55 PM, Sean Turner wrote:

> All,
> 
> There are many proposals for how to say which key or certificate or trust anchor should be used by the client in a TLS session that it is about to open. These proposals include making that decision in the DNS (https://datatracker.ietf.org/doc/draft-ietf-dane-protocol/), in the application after TLS has happened once, to be remembered in the future (https://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/), and in the TLS handshake (https://datatracker.ietf.org/doc/draft-perrin tls-tack/). If more than one of these protocols are deployed, operational mistakes could lead to a client getting conflicting information.
> 
> Similarly, there are also proposals on how to say whether or not a client should expect to see a particular service running under TLS. These proposals include making that indication in the DNS (draft hoffman-server-has-tls, expired but might be revived) and in the application after TLS has happened once, to be remembered in the future (https://datatracker.ietf.org/doc/draft-ietf-websec-strict-transport sec/). If more than one of these protocols are deployed, operational mistakes could lead to a client getting conflicting information.
> 
> Is a standards-track operations statement needed to describe the choices that a TLS server administrator has, and to deal with conflicts between the proposals?

It strikes me more as BCP material.  If there are multiple standards,
what's needed is advice on how to choose amongst them, rather than a
standards track document that says "ignore these other standards track
RFCs and use this other one instead."



		--Steve Bellovin, https://www.cs.columbia.edu/~smb

v2.23.0 | Report a Bug | By Email