Re: [Uta] dual meaning of "pinning" [was: Re: Proposed list of deliverables]
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Mon, 20 January 2014 21:55 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CEA541A0254; Mon, 20 Jan 2014 13:55:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id R8ecgb2nmD1h; Mon, 20 Jan 2014 13:55:24 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 40FF31A024B; Mon, 20 Jan 2014 13:55:23 -0800 (PST)
Received: from [192.168.13.107] (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 93311F984; Mon, 20 Jan 2014 16:55:20 -0500 (EST)
Message-ID: <52DD9B46.2090803@fifthhorseman.net>
Date: Mon, 20 Jan 2014 16:55:18 -0500
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.2.0
MIME-Version: 1.0
To: Chris Palmer <palmer@google.com>
References: <0bc674da169f4772b0fb2173ed679115@BY2PR03MB300.namprd03.prod.outlook.com> <52DD0DC4.4010207@isode.com> <52DD4468.5010304@fifthhorseman.net> <CAOuvq21JQ2s3qBNA_za01XaHSpcXo3eRfx0PJehk6cY9=ZmO6w@mail.gmail.com>
In-Reply-To: <CAOuvq21JQ2s3qBNA_za01XaHSpcXo3eRfx0PJehk6cY9=ZmO6w@mail.gmail.com>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="IwGj5cNxbFjxRx92KLlRcSgtDJKQbsxiX"
Cc: "Orit Levin (LCA)" <oritl@microsoft.com>, "uta@ietf.org" <uta@ietf.org>, Pete Resnick <presnick@qti.qualcomm.com>, Chris Evans <cevans@google.com>, IETF WebSec WG <websec@ietf.org>, Alexey Melnikov <alexey.melnikov@isode.com>, Barry Leiba <barryleiba@computer.org>, Ryan Sleevi <sleevi@google.com>
Subject: Re: [Uta] dual meaning of "pinning" [was: Re: Proposed list of deliverables]
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Jan 2014 21:55:27 -0000
On 01/20/2014 01:57 PM, Chris Palmer wrote: > On Mon, Jan 20, 2014 at 7:44 AM, Daniel Kahn Gillmor > <dkg@fifthhorseman.net> wrote: > >> In 6125 and the two e-mail drafts above, "pinning" is used to refer to >> the activity that firefox describes as "adding a security exception" and >> chrome calls "proceed anyway" -- where the user (or someone) overrides > > (Note that Chrome does not remember your decision to Proceed Anyway, > although we are working on that.) ah, that's good to know, thanks for the heads-up. >> At the very least, it seems like new drafts should make it clear that >> their meaning of "pinning" does not mean the other well-known "pinning". > > Perhaps "key pinning" vs. "exception pinning"? I wanted to call > "exception pinning" "name pinning" at first, until I remembered DNS > pinning (to defend against > http://en.wikipedia.org/wiki/DNS_rebinding). So maybe we have 3 > pinnings. :) It's worth noting that 2 of the 3 (key pinning and DNS > pinning) refer to *reducing* the number of trusted entities. Hm, RFC 6125 pinning is also about certificates, not just public keys, so maybe it's "certificate exception pinning" -- but really it seems like a flavor of permissive TOFU (trust on first use) more than anything else. so we have: * DNS pinning: maintain DNS records in the browser (possibly past their TTL) to avoid DNS rebinding attacks. * key pinning: binds public keys to domain names (at the request of the origin server), forbids the use of certificates that do not include the pinned public keys somewhere in the cert chain. * certificate pinning: associate an otherwise non-valid End Entity (EE) certificate with a domain name (at the request of the user), permitting that certificate to be used with the domain name, but *without* forbidding any other certificate from use. > Anyway, I consistently refer to the behavior described in the key > pinning draft as "key pinning", if that helps. (Probably not.) I think it's a start, at least. > I can add an explanatory note to our draft, if that would help. I think a clarifying note in draft-ietf-websec-key-pinning is necessary (i don't know that it is sufficient). it could be just something to indicate that the key pinning described in the draft has entirely distinct semantics and characteristics than "RFC 6125 certificate exception pinning". --dkg
- [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Linus Nordberg
- Re: [Uta] Proposed list of deliverables Leif Johansson
- Re: [Uta] Proposed list of deliverables Alexey Melnikov
- Re: [Uta] Proposed list of deliverables Paul Hoffman
- [Uta] dual meaning of "pinning" [was: Re: Propose… Daniel Kahn Gillmor
- Re: [Uta] dual meaning of "pinning" [was: Re: Pro… Alyssa Rowan
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] dual meaning of "pinning" [was: Re: Pro… Daniel Kahn Gillmor
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Yaron Sheffer
- Re: [Uta] Proposed list of deliverables Peter Saint-Andre
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)
- Re: [Uta] Proposed list of deliverables Alexey Melnikov
- Re: [Uta] Proposed list of deliverables Orit Levin (LCA)