Re: [websec] Comments on draft-ietf-websec-key-pinning-06
Trevor Perrin <trevp@trevp.net> Mon, 24 June 2013 01:13 UTC
Return-Path: <trevp@trevp.net>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8645911E80E4 for <websec@ietfa.amsl.com>; Sun, 23 Jun 2013 18:13:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.425
X-Spam-Level:
X-Spam-Status: No, score=-0.425 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rVkCMxHV1jb4 for <websec@ietfa.amsl.com>; Sun, 23 Jun 2013 18:13:25 -0700 (PDT)
Received: from mail-we0-x229.google.com (mail-we0-x229.google.com [IPv6:2a00:1450:400c:c03::229]) by ietfa.amsl.com (Postfix) with ESMTP id DB49411E80F6 for <websec@ietf.org>; Sun, 23 Jun 2013 18:13:24 -0700 (PDT)
Received: by mail-we0-f169.google.com with SMTP id n57so7853831wev.28 for <websec@ietf.org>; Sun, 23 Jun 2013 18:13:22 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=Y1rSfbRb5YJB1MWOA3eJ/qw6aHaeJY/VppU2I0yV6oI=; b=mHvLSvKiKYEmjddT/wF5wPlokwGGxc31EPnOiBzFGzc7Nki5wmtlWujAFvOsc6kzdR L0KlHll/tPTRNxG2YjvACAoMu0lhhu89mKYmNEbVGP1bGwT6UK5PjF4SzgdvIN6DSNoC z8248h5jPUhl936oPcbjBzbz012sywLyO5KNX5tb0uQKyl1tuy3hqi5M8sqyHPGmu4ta i3irLB/qJBx3h+R4bktM/3mE5SaprnF9m7Jqwejd5Ra+HKxQGW+lT8naKBUlO6z0rC9T f5zEMtTymbDdeYmBUgI76UQKBzjpvJvTle1yO1ozgJDXjVlH3uAYSL91SsJ1YmdAm+hQ JlZQ==
MIME-Version: 1.0
X-Received: by 10.194.24.40 with SMTP id r8mr7481244wjf.7.1372036402643; Sun, 23 Jun 2013 18:13:22 -0700 (PDT)
Received: by 10.216.212.9 with HTTP; Sun, 23 Jun 2013 18:13:22 -0700 (PDT)
X-Originating-IP: [173.11.70.186]
In-Reply-To: <6F2FE5F2-D02C-4B09-A6CA-7C3B63722E34@checkpoint.com>
References: <8c03997da80b4e8da7100491011b8c12@BN1PR03MB039.namprd03.prod.outlook.com> <6F2FE5F2-D02C-4B09-A6CA-7C3B63722E34@checkpoint.com>
Date: Sun, 23 Jun 2013 18:13:22 -0700
Message-ID: <CAGZ8ZG32cRRU3rQ31cN0ZB78_Oxn7E4LpyTpYi0bT59jhzNuiw@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Yoav Nir <ynir@checkpoint.com>
Content-Type: multipart/alternative; boundary="047d7b5d352866161004dfdc1e84"
X-Gm-Message-State: ALoCoQndUJkwlDAtj9LyULQWWASnTwTHBJ/JlUq08H8VidWUc17AV/AmnzBb+a2srAjTXEs8ShMG
Cc: David Matson <dmatson@microsoft.com>, "websec@ietf.org" <websec@ietf.org>
Subject: Re: [websec] Comments on draft-ietf-websec-key-pinning-06
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2013 01:13:30 -0000
On Sun, Jun 23, 2013 at 12:25 AM, Yoav Nir <ynir@checkpoint.com> wrote: > Hi David > > As far as I know, this idea was not discussed before. If we were to do > this, the proper URI for this would be some kind of RFC 5785 URI like > "/.well-known/pins" or "/.well-known/hpkp". > > Looking at the examples in the key-pinning draft, an HPKP header using > SHA-1 takes just under 120 bytes. > Depends on the number of pinned keys. Chrome's existing preloads [1] have 9, 5, 19, 36, 2, and 2 keys. That's a mean of 12, which would be >500 bytes with SHA256. > Compared to some of the stuff that gets sent in HTTP headers (I'm looking > at you, user-agent) this is pretty tame. Moreover, the key-pinning header > does not have to be sent in every response - it's enough to send it once > per full TLS handshake. > I thought so too, but draft-04 and later say: "If the Pinned Host does not include the PKP header field, and if the connection passed Pin Validation, UAs MUST treat the host as if it had set its max-age to 0 (see Section 2.3.1)." So apparently it *does* need to be sent on every response, to maintain the pin? Still, I can see several merits in your proposal: > - clients that don't support key pinning need not get a header they're > not going to process > - Inserting a header only in the first response requires information from > the TLS layer, so it's easier to just insert the header in every response. > - HTTP/2 is not yet here, let alone wide-spread. > Agreed it has merit, particularly if there's any possibility of future pinning policies growing larger with other types of data (e.g. policies for error-handling and reporting, or "pinning" to other things like CT, DNSSEC, TACK, etc...) Trevor
- [websec] Comments on draft-ietf-websec-key-pinnin… David Matson
- Re: [websec] Comments on draft-ietf-websec-key-pi… Yoav Nir
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Tobias Gondrom
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Chris Palmer
- Re: [websec] Comments on draft-ietf-websec-key-pi… Chris Palmer
- Re: [websec] Comments on draft-ietf-websec-key-pi… Tobias Gondrom
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Tobias Gondrom
- Re: [websec] Comments on draft-ietf-websec-key-pi… Phillip Hallam-Baker
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Phillip Hallam-Baker