IETF Logo Mail Archive

Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-pinning-ticket-00.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Mon, 12 October 2015 13:18 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0322B1B2E16 for <tls@ietfa.amsl.com>; Mon, 12 Oct 2015 06:18:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4
X-Spam-Level:
X-Spam-Status: No, score=-4 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, GB_I_LETTER=-2, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id by_IEKyrFZsL for <tls@ietfa.amsl.com>; Mon, 12 Oct 2015 06:18:23 -0700 (PDT)
Received: from mail-pa0-x22e.google.com (mail-pa0-x22e.google.com [IPv6:2607:f8b0:400e:c03::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 48B5E1B2DDC for <tls@ietf.org>; Mon, 12 Oct 2015 06:18:23 -0700 (PDT)
Received: by padhy16 with SMTP id hy16so154226985pad.1 for <tls@ietf.org>; Mon, 12 Oct 2015 06:18:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-type:content-transfer-encoding; bh=dsn9s5ZvhuzBZwNPummpsC+ajJ/HVme41abVRCo9ZEc=; b=bRxIUbuf009IxN9Aw4VaiYlnKzGPt2tnJSK505uiCkQyJw4CvChSltt5EpDyDtfzCj ChprrRpN97U3nfQNvDCBzeQVwTiPMjosAMTDwDYCJifXYErHdaj0S/utDC0vHdWNL9z5 dRlnWjkzct/A7EJPXGw93ql1zsjBvvbgVwHpI9jsejQusD3h12mCLzHY6Lm4Tdgr4iUA bvhlbHDCkZkqMBBf8pzlnfdexZqBlhmSWETTMc8O9jU2hW9+YS2RVfrQksvVZlW7dmB+ gt004pa87fy38VoscDL07ICvvD8e0ZpMwt6mZ3F82rC0CrkaYkhetaImCnh8eh6GAqOr JmQw==
X-Received: by 10.68.69.17 with SMTP id a17mr34523920pbu.10.1444655902730; Mon, 12 Oct 2015 06:18:22 -0700 (PDT)
Received: from [172.18.133.33] (hoover.intuit.com. [199.16.140.25]) by smtp.googlemail.com with ESMTPSA id ir4sm16026201pbb.93.2015.10.12.06.18.19 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 12 Oct 2015 06:18:20 -0700 (PDT)
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, "tls@ietf.org" <tls@ietf.org>
References: <20151011193517.30413.36864.idtracker@ietfa.amsl.com> <561ABF32.20008@gmail.com> <877fmtt9mh.fsf@alice.fifthhorseman.net>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Message-ID: <561BB319.3050108@gmail.com>
Date: Mon, 12 Oct 2015 16:18:17 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <877fmtt9mh.fsf@alice.fifthhorseman.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/CiZXMPUGLz1ydiuq6xbBfZ8OqHw>
Subject: Re: [TLS] Fwd: New Version Notification for draft-sheffer-tls-pinning-ticket-00.txt
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Oct 2015 13:18:26 -0000

Hi Daniel,

Thanks for your review. Please see my comments inline.

	Yaron

On 10/11/2015 11:48 PM, Daniel Kahn Gillmor wrote:
> Hi Yaron--
>
> On Sun 2015-10-11 15:57:38 -0400, Yaron Sheffer wrote:
>> We have a standard for certificate pinning (RFC 7469), but it is rather
>> hard to use and as a result is rarely deployed. This draft proposes a
>> lightweight alternative that allows TLS clients to authenticate the
>> server they're connecting to, even if a rogue CA can generate fake
>> certificates for that server.
>>
>> The draft is currently TLS 1.3-only, and is based on the previous draft
>> of 1.3 so some minor details may have changed.
>
> I've only just skimmed thus far, but i'm happy to see this proposal.  A
> few comments below:
>
> TACK
> ----
>
> As you note in the draft, it addresses a similar problem as TACK, which
> never made it through the standards process:
>
>    http://tack.io/draft-tack.html
>
> perhaps it would be useful to have a section next to the Comparison:
> HPKP that included a Comparison: TACK ?
>

I'm not familiar enough with TACK at the moment. I can write something 
up, or if you'd like to contribute text, that'll be awesome.

>
> (dis)similarity to session tickets
> ----------------------------------
>
> In the session-ticket case, most servers (clustered or otherwise) can
> afford to treat their session ticket master keys as ephemeral keys -- if
> the server is restarted or dies and is re-installed, the worst that
> happens is that a client doesn't get to resume their session -- they
> have to open a new connection.
>
> If the session ticket resumption master keys are used as recommended
> here, it seems like the risk of master key loss is bricking the server,
> so the master key becomes necessary to store non-ephemerally.
>
> Writing the master key to disk or storing it off-site someplace can
> present a risk to the forward-secrecy of ticket-resumed sessions.
>
> tracking the master key itself seems like it also adds specific
> operational overhead for server maintainers that doesn't currently
> exist.  Does this reduce the advantage of the scheme over TACK or HPKP?
> if not, can you explain why not?
>

IMO persisting the master key to disk is less of a problem than 
distributing it across cluster members, and this is something that needs 
to happen or session resumption will fail regularly. Regular  rotation 
of the master key means that persisting it to disk is not such a risk. 
You are right that a session resumption master key needs not be backed 
up, whereas the pinning secret may need to be backed up securely for 
disaster recovery.

>
>
> Client Privacy
> --------------
>
> section 6.6 says "TODO", and page 5 says:
>
>>        The main reason for refreshing the ticket on each connection is
>>        privacy: to avoid the ticket serving as a fixed client
>>        identifier.  It is RECOMMENDED to include a fresh ticket with
>>        each response.
>
> If the participating client wants privacy from the server (to avoid the
> server using this to track the client) but also wants defense against
> broken CAs, how does recomending this behavior from the server actually
> allow the client to enforce privacy?
>
> The server is trivially capable of tying together a history of
> pinning_ticket objects to track specific clients, right?  it just
> remembers the two tickets involved every time it generates a
> PinningTicket extension.  If the pinning tickets returned by the server
> are different each time, the client cannot know whether the server is
> doing this tracking or not.
>

Yes, I was thinking of privacy in the face of passive attackers who 
listen in to the TLS handshake. Not when the server itself is out to get 
you. I suspect that there is little you can do to protect your privacy 
when the server itself is malicious, but I'm sure you are more 
knowledgeable about these issues.

>
> public key vs. certificate
> --------------------------
>
> In your introduction (and in the mail above), you refer to "certificate
> pinning" -- but i don't think there is anything out there that is
> "certificate pinning" -- HPKP is public key pinning, and it ignores the
> certificates that wrap any given public key.  So your tables should
> really refer to "main public key" and "backup public key", not "main
> certificate" or "backup certificate".
>

You are right. "Certificate pinning" is the more common term, but is it 
less precise.

>
> HPKP example workflow
> ---------------------
>
> Your HPKP timeline seems to assume that your "old backup certificate"
> can't be used as your "new main certificate" -- what makes you say this?

The longer you keep a keypair, the more likely it is to be compromised. 
So you may not want to keep a keypair in "cold storage" for a year, and 
then use it as a production cert for another year.

Depending on your setup, the risk may be much larger on the production 
server than on some offline storage, and then your proposed process 
makes perfect sense.

>
> I agree with you that HPKP end-entity pinning generally makes more sense
> (and is more useful at defending against malicious/incompetent CAs) than
> authority pinning.  But I'd expect an HPKP timeline using end-entity
> pinning to be more like:
>
> lower-case letters are public keys.  we presume that the site
> administrator has the corresponding secret keys backed up
> offsite/offline somewhere, and the associated certs and secret keys
> needed to operate the web site get deployed as needed.
>
> Initial deployment:
>
>
>   HPKP: { a, b }  Cert: A = X.509-wrapped(a)
>
> as A approaches expiry, we generate a new key c (storing its secret key
> offline), get a new cert made over b, and switch to:
>
>   HPKP: { b, c }  Cert: B = X.509-wrapped(b)
>
> As B approaches expiry, we do the same dance, generating d and making a
> cert over c:
>
>   HPKP: { c, d }  Cert: C = X.509-wrapped(c)
>
> and so on.
>
> Does this simpler cycle change your analysis of HPKP?
>
> I tend to think HPKP deployment has been slow because:
>
>   (a) the risk of bricking the site makes admins (justifiably) nervous
>
>   (b) having to have an additional offsite store (of your HPKP backup
>       secret key) to avoid site-bricking is a workflow that most admins
>       don't already have in place.
>
> But i don't think your proposal addresses these issues either (though
> the data stored offsite for (b) is slightly different between your
> proposal and HPKP).  Does it address them in some way that i'm missing?

One difference is that in HPKP, the data stored in (b) is 
security-critical, in that its compromise is just as bad as compromise 
of the site's regular secret key (you can use it to MITM all connections 
to the server). In my proposal the pinning secret is truly a "second 
factor". Its compromise is an issue only if you can *also* generate a 
fake certificate.

Another major difference is that my proposal avoids the manual 
management steps of HPKP (at least until we have ACME widely deployed). 
The pinning secret can be generated automatically when the server is 
started and rolled over periodically, with no human in the loop.

>
> Regards,
>
>       --dkg
>

v2.23.0 | Report a Bug | By Email