Re: [Uta] dual meaning of "pinning" [was: Re: Proposed list of deliverables]

Alyssa Rowan <akr@akr.io> Mon, 20 January 2014 17:30 UTC


On 20/01/2014 15:44, Daniel Kahn Gillmor wrote:

> [RFC6125 'pinning' => security exception vs. websec 'certificate
> pinning' => specified certificate confusion ]

Ohh, that could indeed be confusing. They're very nearly opposite
meanings, with a tiny overlap (the ≤0.001% of users that might
actually check a fingerprint via some out-of-band means).

It seems to me that the only obvious course to try to avoid confusion
is to call the one that's not in an RFC yet something else, while we
still have a slim chance to.

Certificate 'anchoring', perhaps, since we're anchoring the
authentication to a particular certificate or chain of trust?

-- 
/akr
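The two senses of "pinning" contrasted in this thread, written out as an added example (not code from the post or from any IETF document): an RFC 6125 style store that remembers whatever key the user accepted as a security exception, beside a websec style pin set that only admits keys specified in advance. Host names and key bytes are constructed placeholders.

```python
"""Two different behaviours that both get called 'pinning' (added example).

ExceptionPinStore: RFC 6125 sense. The client has no prior knowledge; it
remembers the key the user accepted once and flags a later change.
SpecifiedPinSet: websec sense. The client is configured in advance with the
only keys a host may present; anything else is rejected.
"""
import hashlib


def spki_fingerprint(der_spki: bytes) -> str:
    """Hex SHA-256 of a DER SubjectPublicKeyInfo (constructed bytes in the test)."""
    return hashlib.sha256(der_spki).hexdigest()


class ExceptionPinStore:
    """RFC 6125 style: trust whatever the user accepted first for a host."""

    def __init__(self):
        self._accepted = {}  # host -> fingerprint the user clicked through

    def accept_exception(self, host: str, der_spki: bytes) -> None:
        """Record the key the user accepted as a security exception."""
        self._accepted[host] = spki_fingerprint(der_spki)

    def check(self, host: str, der_spki: bytes) -> str:
        """'unknown' before any exception, then 'match' or 'mismatch'."""
        stored = self._accepted.get(host)
        if stored is None:
            return "unknown"
        return "match" if stored == spki_fingerprint(der_spki) else "mismatch"


class SpecifiedPinSet:
    """websec style: a preconfigured allow-list of key fingerprints per host."""

    def __init__(self, pins: dict):
        # pins: host -> iterable of hex SPKI fingerprints chosen by the operator
        self._pins = {host: set(fps) for host, fps in pins.items()}

    def check(self, host: str, chain_spkis: list) -> str:
        """Accept only if some key in the presented chain is in the pin set."""
        allowed = self._pins.get(host)
        if not allowed:
            return "unpinned"  # no policy for this host; ordinary PKIX applies
        seen = {spki_fingerprint(spki) for spki in chain_spkis}
        return "match" if seen & allowed else "mismatch"
```

The exception store accepts any first key and only reacts to change, while the pin set rejects any key it was not told about beforehand, which is why the two are "very nearly opposite".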