Re: [websec] [saag] Pinning

Alexey Melnikov <alexey.melnikov@isode.com> Fri, 17 August 2012 12:56 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A3F021F8526; Fri, 17 Aug 2012 05:56:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.169
X-Spam-Level:
X-Spam-Status: No, score=-102.169 tagged_above=-999 required=5 tests=[AWL=-0.966, BAYES_00=-2.599, MIME_QP_LONG_LINE=1.396, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JzMNmdyHCEOn; Fri, 17 Aug 2012 05:56:29 -0700 (PDT)
Received: from waldorf.isode.com (cl-125.lon-03.gb.sixxs.net [IPv6:2a00:14f0:e000:7c::2]) by ietfa.amsl.com (Postfix) with ESMTP id 353FE21F84E7; Fri, 17 Aug 2012 05:56:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1345208186; d=isode.com; s=selector; i=@isode.com; bh=q0YkPYMyJMbVRxe6UWeu7zCc0nwH40hINGExehkp3gk=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=qybYs4diXlLIaBBgHpghJBhsbci6qsT/NLSnMqkMmEra5uggRhGL6quoKs8GeuVN+4ryZn BCyip6nJbScI/MJ8mm5OCpQYXg2lCltjuxx5w2EkYZrSYIhHO0NecwYqmXtCMTG76say9n jUVyiSM0Bsh1xSy2OSj1n3xFPD4ynkw=;
Received: from [172.16.11.4] (shiny.isode.com [62.3.217.250]) by waldorf.isode.com (submission channel) via TCP with ESMTPA id <UC4=dQBdyH-5@waldorf.isode.com>; Fri, 17 Aug 2012 13:56:26 +0100
Message-ID: <502E3FDB.8060800@isode.com>
Date: Fri, 17 Aug 2012 13:58:03 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1
To: Chris Palmer <palmer@google.com>
References: <31946C2A-4ACD-46D7-8977-49B681204A7B@checkpoint.com> <8E52CEC5-4FEB-4464-AB11-21F1B9208C5C@checkpoint.com> <38489744-05A9-45F0-A752-7F0B9E96E641@vpnc.org> <4FCF894B.8080002@gondrom.org> <CAOuvq20iC817T-9U3zWG7S2Z=uU=G0i6usOT915ky+9FO8_Zwg@mail.gmail.com>
In-Reply-To: <CAOuvq20iC817T-9U3zWG7S2Z=uU=G0i6usOT915ky+9FO8_Zwg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-transfer-encoding: quoted-printable
Cc: Chris Evans <cevans@google.com>, websec@ietf.org, paul.hoffman@vpnc.org, saag@ietf.org, Moxie Marlinspike <moxie@thoughtcrime.org>
Subject: Re: [websec] [saag] Pinning
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Aug 2012 12:56:30 -0000

On 10/08/2012 23:20, Chris Palmer wrote:
> Hi all,
>
> Resurrecting this ancient thread, and explicitly including Moxie and
> Trevor in case they aren't already on any of the relevant mailing
> lists.
>
> So ultimately I do think we should decide on either HPKP or TACK, but
> that we should make that decision after there has been some real-world
> deployment experience with both (or, sadly, real-world non-deployment
> of one or both).
>
> Additionally, HPKP and TACK might converge, more or less. I have plans
> to publish a new HPKP I-D that borrows some of TACK's pin activation
> and expiration ideas, for example.
>
> Additionally, one of the main criticisms of HPKP is that it is tied to
> HTTP. I currently don't consider that a huge problem — even though I
> consider TACK's TLS-generic-ness a nice benefit — for several reasons:
>
> * HTTPS is the big, important application that we need to secure right now.
>
> * IMAPS and POPS are surely on the list too, right after HTTPS; but
> specifying "IPKP" and "PPKP" is likely to be relatively
> straightforward once we get HPKP working.
I am surely hoping there would be no IMAP, POP or SMTP extensions to 
address this. IMHO, judging from past experiences of any new 
functionality being adopted by IMAP/POP/SMTP, chances of such extensions 
being deployed in any reasonable number of email clients any time soon 
are close to 0. I think some more generic facility (like a TLS 
extension) has much better chance of success.

Having said that, I think it is Ok if an HTTP facility is deployed now 
before the TLS extension is finalized.
> * It's not clear that SMTP over TLS is very beneficial, because you
> can't stop delivery due to pin validation failure (or really even
> regular old X.509 failure). You could use certificate errors as
> soft-fail spam signals, but you can in principle do that now, too,
> without explicit pinning. I don't know how much benefit you'd get from
> using pin validation failure as a spam signal.
>