Re: [websec] Comments on draft-ietf-websec-key-pinning-06
Trevor Perrin <trevp@trevp.net> Tue, 25 June 2013 02:23 UTC
Return-Path: <trevp@trevp.net>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55B4111E80F4 for <websec@ietfa.amsl.com>; Mon, 24 Jun 2013 19:23:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.701
X-Spam-Level:
X-Spam-Status: No, score=-1.701 tagged_above=-999 required=5 tests=[AWL=1.276, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RjfcZwEYQKYH for <websec@ietfa.amsl.com>; Mon, 24 Jun 2013 19:23:46 -0700 (PDT)
Received: from mail-wi0-f170.google.com (mail-wi0-f170.google.com [209.85.212.170]) by ietfa.amsl.com (Postfix) with ESMTP id 02F9C21E8063 for <websec@ietf.org>; Mon, 24 Jun 2013 19:23:43 -0700 (PDT)
Received: by mail-wi0-f170.google.com with SMTP id ey16so361885wid.5 for <websec@ietf.org>; Mon, 24 Jun 2013 19:23:43 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=rPKwX6Yp+JqPL0evUvY+grTQmNiglg7ZMI3xyxLpjBA=; b=bOAvOi2ltMjfLhaQDsk/Dl5TIP9/6+XSQ3yiMgcxm+B9BL3EVL5nXhJdvteFH+sIxD Mp5DbI2YFBbB0Tk/UjL8MSKKhau59FCrCGZ6xeNNZBhG9x23xuN3ZPfmEQ7ud8VZBhAa G+D+yjIO6UrXBwLrqnA6c+c0WXsENuPSEFW9PcEjDSq862MivP5EisNzn5IvfpYOu0Ja MoUIMIDb3aq7rqLX03wwWPoeQAb+QG5lmds4LAHmex329BO0rBvydIvUYsPguGlugpJ3 NJtF0NboCq46Xt044WoSjwu+USR53y62iioTAnOTxDcn57Xg0yukFj07PuQyXuDwZiWK YqLw==
MIME-Version: 1.0
X-Received: by 10.194.83.195 with SMTP id s3mr18696270wjy.82.1372127023121; Mon, 24 Jun 2013 19:23:43 -0700 (PDT)
Received: by 10.216.212.9 with HTTP; Mon, 24 Jun 2013 19:23:43 -0700 (PDT)
X-Originating-IP: [12.27.66.5]
In-Reply-To: <51C8F2AE.5040101@gondrom.org>
References: <8c03997da80b4e8da7100491011b8c12@BN1PR03MB039.namprd03.prod.outlook.com> <6F2FE5F2-D02C-4B09-A6CA-7C3B63722E34@checkpoint.com> <CAGZ8ZG32cRRU3rQ31cN0ZB78_Oxn7E4LpyTpYi0bT59jhzNuiw@mail.gmail.com> <51C7EECC.3020108@gondrom.org> <CAGZ8ZG0UiE9PJgscA+6yOqJxY_UWmjZfexdj+5w12wt=ChhziA@mail.gmail.com> <51C8F2AE.5040101@gondrom.org>
Date: Mon, 24 Jun 2013 19:23:43 -0700
Message-ID: <CAGZ8ZG01a7JDfzjsGcnwbPLVPDhWj3R+MsbNmC8f_LtzDfHupg@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Tobias Gondrom <tobias.gondrom@gondrom.org>
Content-Type: multipart/alternative; boundary="047d7bdc7c90ccd8f204dff13716"
X-Gm-Message-State: ALoCoQki8kbsf8Eyv/yIwreJMIDZaAAKXX78hrUNR/zN7SV5CfhIFqSLUe9F3zHdpTdP8/WeAi0D
Cc: IETF WebSec WG <websec@ietf.org>, David Matson <dmatson@microsoft.com>
Subject: Re: [websec] Comments on draft-ietf-websec-key-pinning-06
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Jun 2013 02:23:51 -0000
On Mon, Jun 24, 2013 at 6:30 PM, Tobias Gondrom <tobias.gondrom@gondrom.org>wrote: > On 25/06/13 05:06, Trevor Perrin wrote: > > > On Mon, Jun 24, 2013 at 12:01 AM, Tobias Gondrom < > tobias.gondrom@gondrom.org> wrote: > >> >> On 24/06/13 09:13, Trevor Perrin wrote: >> >> Depends on the number of pinned keys. Chrome's existing preloads [1] >> have 9, 5, 19, 36, 2, and 2 keys. That's a mean of 12, which would be >500 >> bytes with SHA256. >> >> IMHO the expected session will be 2 keys with SHA-160 to SHA-512 per >> host. >> > > I don't know what the common case would be. The numbers I cited are > from the Chromium's preloaded key pins: > > > https://src.chromium.org/viewvc/chrome/trunk/src/net/http/transport_security_state_static.json > > Note that a commercial CA might have several subordinate and root > certificates, with different keys. To pin yourself to this CA, you may > need to list several of these keys, and to be conservative a site might pin > multiple CAs. > > (Are you suggesting that sites would list both a SHA256 and SHA1 hash > for each pinned key? That seems unnecessary.) > > > No I am not suggesting to send both hashes. That would be unnecessary and > of very use. > So that means: 2 keys (the main key and the backup key) with one hash each > (SHA-160 OR SHA-256 OR SHA-512 OR ...) > You're ignoring pinning to CAs, which is a major use case for HPKP. > I remember one large bank that seems due to whatever historic reason is > actually using different certificates for every singly server instance, > which obviously could then go into the 100s or 1000s.... - but I don't > worry about this too much as AFAIK this was more duet to misunderstanding > regulation and a stupid architecture - so will just need to clean up before > they can go to pinning - which is fair in my eyes.) > A single hostname could be using different SSL keys at the same time for various reasons, e.g. in-progress key changes, geographically distributed servers, HSM limitations, CDNs, etc. So you can't ignore this case quite so easily. It's one of the reasons I prefer pinning signing keys to pinning SSL keys. I see. From my humble experience, I would agree with Chris (in his later > email) and don't see a performance problem with this. So I don't think we > need to consider the URI option. > OK. Trevor
- [websec] Comments on draft-ietf-websec-key-pinnin… David Matson
- Re: [websec] Comments on draft-ietf-websec-key-pi… Yoav Nir
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Tobias Gondrom
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Chris Palmer
- Re: [websec] Comments on draft-ietf-websec-key-pi… Chris Palmer
- Re: [websec] Comments on draft-ietf-websec-key-pi… Tobias Gondrom
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Tobias Gondrom
- Re: [websec] Comments on draft-ietf-websec-key-pi… Phillip Hallam-Baker
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Phillip Hallam-Baker