Re: [Uta] Certificate pinning?

Trevor Perrin <trevp@trevp.net> Tue, 11 March 2014 22:29 UTC

On Tue, Mar 11, 2014 at 1:47 PM, Keith Moore <moore@network-heretics.com> wrote:

> On 03/11/2014 04:38 PM, Cyrus Daboo wrote:
>
>> <http://tools.ietf.org/html/draft-ietf-websec-key-pinning-11>
>>
> Interesting.  Offhand, it seems unfortunate that (for this particular
> mechanism) the indication provided by the server is in the HTTP protocol
> rather than the TLS protocol.   If the indication were in the TLS protocol
> it would presumably be easier to get it incorporated into TLS stacks and
> automatically checked by client applications.
>

Yep, that's one of the rationales behind TACK:

http://tack.io
https://tools.ietf.org/html/draft-perrin-tls-tack-02


Trevor