Re: [websec] HPKP and preloaded pin lists

Joseph Bonneau <jbonneau@gmail.com> Sat, 22 June 2013 15:45 UTC

Return-Path: <jbonneau@gmail.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0477521F9F31 for <websec@ietfa.amsl.com>; Sat, 22 Jun 2013 08:45:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 83O89y0-ltqm for <websec@ietfa.amsl.com>; Sat, 22 Jun 2013 08:45:42 -0700 (PDT)
Received: from mail-vb0-x236.google.com (mail-vb0-x236.google.com [IPv6:2607:f8b0:400c:c02::236]) by ietfa.amsl.com (Postfix) with ESMTP id 6DA4921F9DA0 for <websec@ietf.org>; Sat, 22 Jun 2013 08:45:42 -0700 (PDT)
Received: by mail-vb0-f54.google.com with SMTP id q12so6902085vbe.27 for <websec@ietf.org>; Sat, 22 Jun 2013 08:45:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=8beaT0TOguSOtT3sMMbOEhdFdSajfUJe4uTZWORyXKQ=; b=hhwIVuiouZU6H6g+2AORIguhfb7vGJKnyhMo/67xPO48CIVOoEE7Sg7Zu2XrHp1CDv TSv4ozezgS5HGkELstNfGp2OTkBT28T4fPyAhDJWlD/qiXMx5RVrk6GRh10z6qPeEeMc 69eTxDzazplMfRWYoFmZ1QHvmAWApToN9WqMAxsV8LjrgQNp1N4SCR/HMfc0Qz9q7VlU jh3PFIWv897PqIIvv1t+iR2HMhRKCfALDRNnCfJHNsp0VgAr8IHZCzk8KW9LzeDE8/6c cz95Nqy7+Fd8ieipXgr/Ktz/0SkhGkOH1YJ78yIBXk8QmkYRiOf8L58s5weZzaNjcoEs A2yw==
X-Received: by 10.220.44.195 with SMTP id b3mr7805719vcf.62.1371915940887; Sat, 22 Jun 2013 08:45:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.220.103.69 with HTTP; Sat, 22 Jun 2013 08:45:20 -0700 (PDT)
In-Reply-To: <CAGZ8ZG1iyKVB4y7V_1VxThXJWv5BD2Sy0S8dvqzVU=6Tj1sdSg@mail.gmail.com>
References: <CAGZ8ZG1iyKVB4y7V_1VxThXJWv5BD2Sy0S8dvqzVU=6Tj1sdSg@mail.gmail.com>
From: Joseph Bonneau <jbonneau@gmail.com>
Date: Sat, 22 Jun 2013 11:45:20 -0400
Message-ID: <CAOe4UimwH5_hoUsOK+nJJ9x3j9syRrKCSEjVtbrtcQTxSrPB5g@mail.gmail.com>
To: Trevor Perrin <trevp@trevp.net>
Content-Type: multipart/alternative; boundary="001a11c2c9ac51813404dfc0125f"
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] HPKP and preloaded pin lists
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 22 Jun 2013 15:45:43 -0000

> In this case, the browser MUST ignore the preloaded pin, and only apply
> the pin it noted at T15.
>

I would support changing this from MUST to SHOULD, with the understanding
that browsers may have forgotten the pin noted at T15 in Trevor's example
for multiple possible reasons (space constraints, user clears history,
etc.) in which case they will revert to the preloaded pin. In practice a
site attempting to un-pin a bad preloaded pin will have to serve the
"un-pin" header for the lifetime of the bad preloaded pin no matter what,
because some browsers may never visit the site until the end of the
life of the bad preload. So I don't see that making this a MUST makes life
any easier for site operators, and as Trevor pointed out it may cause
excessive complexity for browsers.

Joe
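The precedence question in this thread, modelled as an added example (not code from the thread, from any browser, or from the HPKP draft): a pin store that holds a shipped preload list plus dynamically noted pins, where a noted pin overrides the preload only while the browser still remembers it, and eviction or a history clear silently brings the preloaded pin back. The host name, the two keys, the store capacity and the max-age values are constructed; the `max-age=0` removal behaviour follows the HPKP draft's header semantics as I understand them.

```python
import base64
import hashlib
from dataclasses import dataclass


def spki_pin(spki_der: bytes) -> str:
    """HPKP pin value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


# Constructed keys: the preload list carries a pin for a key the site has since
# rotated away from (the "bad preloaded pin" of the thread).
OLD_PIN = spki_pin(b"constructed-old-spki")
NEW_PIN = spki_pin(b"constructed-new-spki")
PRELOADED_PINS = {"example.test": {OLD_PIN}}


@dataclass
class DynamicPin:
    pins: set
    expires_at: int


class PinStore:
    """Browser pin store: a dynamically noted pin overrides the preload while
    it is present; once forgotten (evicted, expired, cleared) the preload
    applies again, which is the SHOULD-not-MUST point made above."""

    def __init__(self, preloaded, capacity=2):
        self.preloaded = preloaded
        self.dynamic = {}
        self.capacity = capacity  # constructed space constraint

    def note_pins(self, host, pins, max_age, now):
        """Record pins from a Public-Key-Pins header; max-age=0 deletes."""
        if max_age == 0:
            self.dynamic.pop(host, None)
            return
        if host not in self.dynamic and len(self.dynamic) >= self.capacity:
            # Space constraint: evict the entry that expires soonest.
            victim = min(self.dynamic, key=lambda h: self.dynamic[h].expires_at)
            del self.dynamic[victim]
        self.dynamic[host] = DynamicPin(set(pins), now + max_age)

    def forget(self, host):
        """User clears history: the noted pin is lost, the preload returns."""
        self.dynamic.pop(host, None)

    def effective_pins(self, host, now):
        entry = self.dynamic.get(host)
        if entry is not None:
            if entry.expires_at > now:
                return entry.pins, "dynamic"
            del self.dynamic[host]  # expired: fall through to preload
        if host in self.preloaded:
            return self.preloaded[host], "preloaded"
        return None, "none"

    def chain_allowed(self, host, chain_pins, now):
        """A chain passes if any of its SPKI pins is in the effective set."""
        pins, source = self.effective_pins(host, now)
        if pins is None:
            return True, source
        return bool(pins & set(chain_pins)), source


def scenario():
    """Trevor's timeline: preload at T0, override header noted at T15, then
    the browser forgets the noted pin and reverts to the stale preload."""
    store = PinStore(PRELOADED_PINS)
    host, new_chain = "example.test", [NEW_PIN]
    before = store.chain_allowed(host, new_chain, now=0)
    store.note_pins(host, [NEW_PIN], max_age=30 * 86400, now=15)
    after_header = store.chain_allowed(host, new_chain, now=16)
    store.forget(host)  # history cleared
    after_forget = store.chain_allowed(host, new_chain, now=17)
    # Only re-serving the header restores the override, so the operator has to
    # keep sending it for as long as the bad preload ships.
    store.note_pins(host, [NEW_PIN], max_age=30 * 86400, now=18)
    after_reserve = store.chain_allowed(host, new_chain, now=19)
    return {
        "before_header": before,
        "after_header": after_header,
        "after_forget": after_forget,
        "after_reserve": after_reserve,
    }


if __name__ == "__main__":
    for step, (allowed, source) in scenario().items():
        print(f"{step:15} allowed={allowed} source={source}")
```

Running `scenario()` shows the new-key chain rejected against the preload, accepted once the header is noted, rejected again after the store forgets, and accepted only after the header is served once more; a `PinStore(..., capacity=1)` that notes a second host evicts the first and exhibits the same revert.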