Re: [websec] #55: Clarify that the newest pinning information takes precedence

Chris Palmer <palmer@google.com> Mon, 01 April 2013 22:28 UTC

To: Tom Ritter <tom@ritter.vg>
Cc: websec issue tracker <trac+websec@trac.tools.ietf.org>, IETF WebSec WG <websec@ietf.org>, Ryan Sleevi <sleevi@google.com>

On Wed, Mar 27, 2013 at 7:54 PM, Tom Ritter <tom@ritter.vg> wrote:

> " The UA MUST evict all expired Known Pinned Hosts if at any time, an
> expired Known Pinned Host exists in the cache"
>
> I use rrdtool to keep 5 years of statistics for my server.  Once, I
> accidentally set the date forward, to 2038, wiping out my statistics -
> there was no way to recover, because rrdtool dutifully wiped all this
> expired data.
>
> Using the word 'evict' seems particularly dangerous, for both active
> ntp attacks, and accidental wiping.

Yoav says the text works for him. I wonder if we can satisfy both by
saying something like "the UA MUST ignore expired Known Pinned Hosts
in the cache." That way, if the client machine gets its clock fixed
and the expired KPHs become un-expired, happiness will ensue once
again. Ryan, thoughts?
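To make the difference between the two wordings concrete, here is an added simulation (not part of the thread or of the draft) of a Known Pinned Host cache under both policies, run through the clock mishap Tom describes. Host name, pin values, timestamps and the `PinCache` class are all constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class KnownPinnedHost:
    host: str
    pins: frozenset      # SPKI fingerprints; constructed placeholder values below
    expires_at: float    # absolute expiry, seconds since the Unix epoch


class PinCache:
    """Known Pinned Host cache with two expiry policies.

    'evict'  : every lookup deletes all expired entries (the draft's MUST evict text)
    'ignore' : expired entries are kept but not enforced (the proposed MUST ignore text)
    """

    def __init__(self, policy: str):
        if policy not in ("evict", "ignore"):
            raise ValueError(policy)
        self.policy = policy
        self._hosts: dict[str, KnownPinnedHost] = {}

    def note(self, kph: KnownPinnedHost) -> None:
        self._hosts[kph.host] = kph

    def lookup(self, host: str, now: float):
        """Return the pin set to enforce for host at time `now`, or None."""
        if self.policy == "evict":
            expired = [h for h, k in self._hosts.items() if k.expires_at <= now]
            for h in expired:          # permanent loss: nothing brings these back
                del self._hosts[h]
        kph = self._hosts.get(host)
        if kph is None or kph.expires_at <= now:
            return None                # expired or unknown: no pin is enforced
        return kph.pins


def simulate(policy: str):
    """Correct clock, then a jump to 2038, then the clock is fixed again.

    Returns whatever pin set is enforced after the correction."""
    cache = PinCache(policy)
    pins = frozenset({"pin-sha256-A", "pin-sha256-B"})      # constructed values
    cache.note(KnownPinnedHost("example.com", pins, expires_at=1_400_000_000.0))
    cache.lookup("example.com", now=1_364_855_297.0)        # Apr 2013, clock correct
    cache.lookup("example.com", now=2_147_483_647.0)        # clock wrongly set to 2038
    return cache.lookup("example.com", now=1_364_855_400.0)  # clock corrected
```

With `evict`, the single lookup under the wrong clock destroys the pins for good; with `ignore`, they are simply unenforced until the clock is corrected and then take effect again.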