Re: [websec] HPKP: Cross-signing with a self-signed certificate and pinning that cert?
Joseph Bonneau <jbonneau@gmail.com> Tue, 22 September 2015 05:31 UTC
Return-Path: <jbonneau@gmail.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F2E191A8AE3 for <websec@ietfa.amsl.com>; Mon, 21 Sep 2015 22:31:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z5-m5TBAxWAE for <websec@ietfa.amsl.com>; Mon, 21 Sep 2015 22:31:50 -0700 (PDT)
Received: from mail-ig0-x236.google.com (mail-ig0-x236.google.com [IPv6:2607:f8b0:4001:c05::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 199281A8ADE for <websec@ietf.org>; Mon, 21 Sep 2015 22:31:50 -0700 (PDT)
Received: by igbkq10 with SMTP id kq10so74815900igb.0 for <websec@ietf.org>; Mon, 21 Sep 2015 22:31:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=4vraCIWH9X+orFDNV7bcijkh+llotNCW6dd0BinT1a0=; b=i0jHe6mEweumUAF13gQWWB+HRDlwp3qMmE+gS0fHmkcXCVuazwIqWlCRuhTpPlIJ15 jgiJRidmLLQz0QchIU2tZyaKNjhDMhuZtsK7f851iyoltOGrqAY4/ujBcb3FjWTeUjWK PWIEjCPVJKekpfNQMX2AKlTuUg+AJR75efOz6RhdxA6kclSFISv8zehn4HmIDHNws7u+ CB4DcvpI9IivqNru3NDLLfdYS/gFZdwV9LP6hExir74DFzlCP8T026K4bLQBLwQQH8bN RAcvuobnr7QAa+R1xsTfbpr565GMI6MqxVfGPlaN9eRbhXIEewxr9lb3yNUww9gxkeqf ZyIg==
X-Received: by 10.50.79.167 with SMTP id k7mr14179339igx.67.1442899909425; Mon, 21 Sep 2015 22:31:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.1.75 with HTTP; Mon, 21 Sep 2015 22:31:30 -0700 (PDT)
In-Reply-To: <CAD4tEwhLXn61X9RJNjjBcaBWJ+tGAGOtQTGNthF5NPXhT4qsJg@mail.gmail.com>
References: <CAD4tEwhLXn61X9RJNjjBcaBWJ+tGAGOtQTGNthF5NPXhT4qsJg@mail.gmail.com>
From: Joseph Bonneau <jbonneau@gmail.com>
Date: Mon, 21 Sep 2015 22:31:30 -0700
Message-ID: <CAOe4UinkH_iiT7qux7K6+_qqoU0OQnNmP-5u-JmETSkW3RkWCQ@mail.gmail.com>
To: jxtps435 <jxtps435@gmail.com>
Content-Type: multipart/alternative; boundary="089e013a1a388c445405204f50de"
Archived-At: <http://mailarchive.ietf.org/arch/msg/websec/6XpgHQJYRutrps9AZWeBPy_0pLU>
Cc: "<websec@ietf.org>" <websec@ietf.org>
Subject: Re: [websec] HPKP: Cross-signing with a self-signed certificate and pinning that cert?
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/websec/>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Sep 2015 05:31:53 -0000
You might want to check out TACK (http://tack.io/) which is the closes proposal I know of to this. Reasons this hasn't caught on: 1) Requires site owners to create and reason about a second private key/certificate 2) Requires more changes to TLS stack. On Mon, Sep 21, 2015 at 4:18 PM, jxtps435 <jxtps435@gmail.com> wrote: > I'm interested in implementing HPKP on my sites, but it is a bit tricky to > do: > > - We add / remove websites from a single SAN certificate on a semi-regular > basis. > > - Our CA recently switched out at least their intermediate, if not their > root cert in response to the SHA1 -> SHA256 transition. > > - We'd like to be able to switch root CA for business reasons. > > So pinning any of these certs seems like a recipe for disaster (maybe > things won't change in the future, but when they have demonstrably changed > in the past I would / should get fired if I don't take that into account). > > So basically, I need to be able to switch out our certificates at any > time, for any reason, to any CA, without bricking our sites, to be able to > use HPKP. > > Sounds impossible, right? > > But wait. What if I could cross-sign my certificates with a self-signed > certificate and pin that certificate? > > So the browser would trust the regular root CA's authority, but it would > do the pinning to my not-at-all-trusted self-signed certificate, enabling > me to update my certs whenever I want, and as long as I can keep my > self-signed cert safe no-one else can tamper with our sites. > > Would that work in theory? Would that work with current implementations? > Thoughts? > > > (I don't know the details of cross-signing, but apparently Google does it: > http://googleonlinesecurity.blogspot.com/2015/09/disabling-sslv3-and-rc4.html > ) > > > > _______________________________________________ > websec mailing list > websec@ietf.org > https://www.ietf.org/mailman/listinfo/websec > >
- [websec] HPKP: Cross-signing with a self-signed c… jxtps435
- Re: [websec] HPKP: Cross-signing with a self-sign… Joseph Bonneau
- Re: [websec] HPKP: Cross-signing with a self-sign… Jeffrey Walton