Re: [Uta] Certificate pinning?

Tom Ritter <tom@ritter.vg> Fri, 07 March 2014 22:02 UTC

In-Reply-To: <5472A050F724AB161474A2E7@caldav.corp.apple.com>
References: <5472A050F724AB161474A2E7@caldav.corp.apple.com>
From: Tom Ritter <tom@ritter.vg>
Date: Fri, 07 Mar 2014 17:02:07 -0500
Message-ID: <CA+cU71mTPKjb7NqkPgtyqx=+nfmWFSvw5512Owy_Tg__=8XDHg@mail.gmail.com>
To: Cyrus Daboo <cyrus@daboo.name>
Content-Type: text/plain; charset="ISO-8859-1"
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/40oiPXWFqR_YgXePcQOfAsi_NFA
Cc: uta@ietf.org
Subject: Re: [Uta] Certificate pinning?

Quite so.  http://tack.io/ is a mechanism for pinning that operates at
the TLS layer, making it usable for a wide variety of protocols,
without needing to redefine it for every application-layer protocol.

-tom

On 7 March 2014 10:12, Cyrus Daboo <cyrus@daboo.name> wrote:
> Hi,
> Has any thought been given to generalizing the certificate pinning work
> being done by the websec WG
> (<http://tools.ietf.org/html/draft-ietf-websec-key-pinning-11>) to make it
> applicable to other protocols?
>
> And, vice versa, what about taking the concept of security latches from
> draft-newman-email-deep-01 and making those available in HTTP?
>
> I guess this begs the question of what, if any, relationship is there
> between UTA and WebSec WGs?
>
> --
> Cyrus Daboo
>
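For readers following the thread, the mechanism the websec draft cited above describes is worth seeing in code: a pin is the base64 SHA-256 of a certificate's DER-encoded SubjectPublicKeyInfo, the server advertises pins in a Public-Key-Pins header (pin-sha256, max-age, includeSubDomains), and a client accepts a connection only if some certificate in the chain carries a pinned key. The example below is written for this archive page; it is not code from the thread, from the draft authors, or from TACK. The SPKI byte strings are constructed placeholders rather than real DER, and the header parsing follows the draft's directive names as the only assumption.

```python
"""Worked example of HTTP Public Key Pinning semantics (added for this page).

Pins are computed over the DER SubjectPublicKeyInfo, so they survive
certificate renewal as long as the key pair is kept.  The SPKI values below
are constructed stand-ins, not real DER.
"""
import base64
import hashlib
from dataclasses import dataclass, field


@dataclass
class PinPolicy:
    pins: set = field(default_factory=set)   # set of pin-sha256 strings
    max_age: int = 0                         # seconds the policy may be cached
    include_subdomains: bool = False


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def parse_pkp_header(value: str) -> PinPolicy:
    """Parse a Public-Key-Pins header value into a PinPolicy.

    Directives are ';'-separated; pin-sha256 may repeat, values may be quoted.
    Unknown directives are ignored, as the draft requires.
    """
    policy = PinPolicy()
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")   # split on the first '=' only,
        name = name.strip().lower()          # base64 padding '=' stays in val
        val = val.strip().strip('"')
        if name == "pin-sha256":
            policy.pins.add(val)
        elif name == "max-age":
            policy.max_age = int(val)
        elif name == "includesubdomains":
            policy.include_subdomains = True
    return policy


def chain_satisfies_policy(chain_spki: list, policy: PinPolicy) -> bool:
    """Pin validation: at least one certificate in the validated chain
    (leaf, intermediate or root) must carry a pinned SPKI."""
    return any(spki_pin(spki) in policy.pins for spki in chain_spki)


def policy_is_acceptable(policy: PinPolicy, chain_spki: list) -> bool:
    """Backup-pin rule: a client must not cache a policy unless at least one
    pin matches the chain AND at least one pin does not (an offline backup
    key), otherwise a lost key would lock users out until max-age expires."""
    matched = {spki_pin(s) for s in chain_spki} & policy.pins
    return bool(matched) and bool(policy.pins - matched)


# Constructed SPKI placeholders (not real DER encodings).
LEAF_SPKI = b"constructed SPKI bytes: leaf key"
INTERMEDIATE_SPKI = b"constructed SPKI bytes: intermediate CA key"
BACKUP_SPKI = b"constructed SPKI bytes: offline backup key"

# Constructed header as a server would send it: leaf pin plus a backup pin.
SAMPLE_HEADER = (
    f'pin-sha256="{spki_pin(LEAF_SPKI)}"; '
    f'pin-sha256="{spki_pin(BACKUP_SPKI)}"; '
    "max-age=5184000; includeSubDomains"
)
CHAIN = [LEAF_SPKI, INTERMEDIATE_SPKI]


if __name__ == "__main__":
    policy = parse_pkp_header(SAMPLE_HEADER)
    print("pins:", sorted(policy.pins))
    print("chain pinned:", chain_satisfies_policy(CHAIN, policy))
    print("policy cacheable (has backup pin):", policy_is_acceptable(policy, CHAIN))
    # A chain whose key was swapped (e.g. a mis-issued certificate) fails.
    print("rogue chain pinned:", chain_satisfies_policy([INTERMEDIATE_SPKI], policy))
```

The same two checks are what an application-layer pinning scheme has to define per protocol, which is the point of the thread: TACK moves the pin to the TLS handshake so the policy and its validation are specified once for every protocol carried over TLS.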