[TLS] What's up with TACK?

Aaron Zauner <azet@azet.org> Sat, 13 June 2015 19:34 UTC

Return-Path: <azet@azet.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 4F5D91ACDF1 for <tls@ietfa.amsl.com>; Sat, 13 Jun 2015 12:34:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.1
X-Spam-Status: No, score=0.1 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id l7kxnuwDVpRc for <tls@ietfa.amsl.com>; Sat, 13 Jun 2015 12:34:40 -0700 (PDT)
Received: from mail-wi0-f169.google.com (mail-wi0-f169.google.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEDDF1ACE0A for <tls@ietf.org>; Sat, 13 Jun 2015 12:34:39 -0700 (PDT)
Received: by wibdq8 with SMTP id dq8so42567510wib.1 for <tls@ietf.org>; Sat, 13 Jun 2015 12:34:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:subject:message-id:mime-version :content-type:content-disposition:user-agent; bh=pvfEns+7pKl4WNj/WBbhL+/+KYpptom8gaVmJQAXJ58=; b=fjNd18lP550SOknmiGs7b0pzDd75GGTev69nLrXlOakFleFSFaKshFFUWnEwZYsyHd 3t2CpRpfUeqd0Faczwb+kkhwhq/S5CnbdcEiNINmhZngXyH0YqS6IldNfMZj8YlVTC/C eYp2fgixFoW+klOdgybypecwso31do7uXEk3Qr/EapfstQCyAYG7MEpwxVKMkbfJVk5S UczoP7BlOa7msVK8Qhh9cmmIvh245njbAjifKC5Q0Byt8dwP62ABmvldyPBTfrtuRN+z 6P2WxerDGt4ffhMtiM76y5HiVoCT2dGWqOCQZkqbNVEo9O/uX1ug/gZRWR9+LqC06SVA wTUA==
X-Gm-Message-State: ALoCoQmRpPDWqD3hp8DI5SngiEvUAunnnhhHvsomSxPXc1dqhBLNyoVw6UKmVcBxIgwC+G6VKy6q
X-Received: by with SMTP id uz2mr38167464wjc.155.1434224078666; Sat, 13 Jun 2015 12:34:38 -0700 (PDT)
Received: from typhoon.azet.org (chello080108032135.14.11.univie.teleweb.at. []) by mx.google.com with ESMTPSA id q4sm11543198wju.14.2015. for <tls@ietf.org> (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 13 Jun 2015 12:34:37 -0700 (PDT)
Date: Sat, 13 Jun 2015 21:34:45 +0200
From: Aaron Zauner <azet@azet.org>
To: tls@ietf.org
Message-ID: <20150613193444.GA31312@typhoon.azet.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="bp/iNruPH9dso1Pn"
Content-Disposition: inline
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/L-NDeaC8xC1uNqppUAOkcR4vwnk>
Subject: [TLS] What's up with TACK?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 13 Jun 2015 19:34:41 -0000


I've been meaning to write this message for almost a year now. I've
not seen any recent discussion on generic key pinning on this list.

We now have HPKP support in major browsers but protocols like
STARTTLS are still left our when it comes to pinning. Discussion on
TACK seemed to have died during the HPKP proposal somehow, yet it's
the more elegant, generic approach to key pinning in TLS. Although
the spec is confusing I have no problem with HPKP as is and I'm
happy that it's in roll-out phase.

I'd like to see discussion on TACK again. Actually I don't
understand why this proposal was never adopted by the WG.

Thanks for your time,