[websec] Fwd: New Version Notification for draft-ietf-websec-key-pinning-03.txt

Chris Palmer <palmer@google.com> Tue, 16 October 2012 18:49 UTC

Return-Path: <palmer@google.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A76121F87EC for <websec@ietfa.amsl.com>; Tue, 16 Oct 2012 11:49:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.977
X-Spam-Level:
X-Spam-Status: No, score=-102.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kqqqOa05Y+Wb for <websec@ietfa.amsl.com>; Tue, 16 Oct 2012 11:49:03 -0700 (PDT)
Received: from mail-lb0-f172.google.com (mail-lb0-f172.google.com [209.85.217.172]) by ietfa.amsl.com (Postfix) with ESMTP id 81F1A21F87E4 for <websec@ietf.org>; Tue, 16 Oct 2012 11:49:03 -0700 (PDT)
Received: by mail-lb0-f172.google.com with SMTP id k13so5080178lbo.31 for <websec@ietf.org>; Tue, 16 Oct 2012 11:49:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding:x-system-of-record; bh=RSxPO6UGXwolLT6DNMijZZz39H/uEE6TILMXGyDDX9o=; b=WLrpbpYzszjUUFuXvvTMjZ9MbWcZDhNx6WsizzLtvSOKwRNKBa5T/11XOTcnHeGlsK funTWYZMqFcKvhHaoyWGj5H8Wozcu6ebj+bGqo8Zr6O0hxWv0ZJ0//cB4GJt0sCydXot 66SU536suNXGWyRWCZLw6PBHdiKK7kAHynT6LU6UJ81hxHGY6cfCS9FW51a8HeeAexYo NuvkVhXz9nQPk/skjX++C+OrtJoKGBMAoC12IGQqAsbXeX6DlpsWrq+/Hg0cWCSvrThJ KwxVkqBCBMJ4CInIhsmA0WSPIbj+ASvT2KJB5xAKnSQfh7ujT+teryFqLt6YsTbqmqiT ThcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding:x-system-of-record :x-gm-message-state; bh=RSxPO6UGXwolLT6DNMijZZz39H/uEE6TILMXGyDDX9o=; b=QB0QfCHpvjJcI3ZunWwSKVGxlyXM/0sgY/XETgTqJQR02fZpTDfC/n8WJKPRHOB9GT mGFvB5G2n68KwABAoOnaDCfIdjJvbVuPM59gKkSkvj5kLu6drunEMnSbbjVGONtCMTmz FeaGzVTepYrFWWuwtuhh0o5jzc5Sai31DQT9V/9EAqouQmbiwQ95ucW3sObV0QxnvrSd 95lKVdPW6Lvd/WoZ1MUdtiTNqlo1cP8G9McuHxvTxv8gfP/9wALc08QhklZOzKrUXbev N97SgBkf48vsQ+/g5xWlTZdTkGaL5eQ37FzsHJyBNWQAfp8ITdASfQQklp8eS3HjeD94 HaTA==
MIME-Version: 1.0
Received: by 10.152.133.140 with SMTP id pc12mr13574547lab.53.1350413342485; Tue, 16 Oct 2012 11:49:02 -0700 (PDT)
Received: by 10.112.39.226 with HTTP; Tue, 16 Oct 2012 11:49:02 -0700 (PDT)
In-Reply-To: <20121016183544.18082.34326.idtracker@ietfa.amsl.com>
References: <20121016183544.18082.34326.idtracker@ietfa.amsl.com>
Date: Tue, 16 Oct 2012 11:49:02 -0700
Message-ID: <CAOuvq219yJ1P1STBM-AkP7aLNP1W_U8WYp2v-8x1kzXuS_VT6A@mail.gmail.com>
From: Chris Palmer <palmer@google.com>
To: IETF WebSec WG <websec@ietf.org>, Ryan Sleevi <sleevi@google.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
X-Gm-Message-State: ALoCoQnes1MVOGMw4GbxPBHrcJOFMTLKSkuChxMXpyNTyQ8mk7QImZns6TEKWAw+4uiunit5dKzJ6OSdlYJGD1aAp4yVLkiNxa67f6zyTN5DXZkatVAjCChGNnzzbXmYR8T0g1RrOrkueZdMTlgbliiz6mCQjFvGVfeGYLxCIIDvTpVQ0fjqtxNf1mYndCX1Ln8zdIRUCVYf
Subject: [websec] Fwd: New Version Notification for draft-ietf-websec-key-pinning-03.txt
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2012 18:49:04 -0000

Hi all,

This is just a quick interim version to respond to Tom Ritter's bugs
that he filed in the issue tracker. We still have some issues to
resolve around pin activation (à la TACK), max-age, and whether and
how to perform pin validation when X.509 chains chain up to private
trust anchors.

http://trac.tools.ietf.org/wg/websec/trac/ticket/52
http://trac.tools.ietf.org/wg/websec/trac/ticket/53

Any other issues anyone wants to raise? Thanks.



---------- Forwarded message ----------
From:  <internet-drafts@ietf.org>
Date: Tue, Oct 16, 2012 at 11:35 AM
Subject: New Version Notification for draft-ietf-websec-key-pinning-03.txt
To: palmer@google.com
Cc: cevans@google.com



A new version of I-D, draft-ietf-websec-key-pinning-03.txt
has been successfully submitted by Chris Palmer and posted to the
IETF repository.

Filename:        draft-ietf-websec-key-pinning
Revision:        03
Title:           Public Key Pinning Extension for HTTP
Creation date:   2012-10-16
WG ID:           websec
Number of pages: 17
URL:
http://www.ietf.org/internet-drafts/draft-ietf-websec-key-pinning-03.txt
Status:          http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning
Htmlized:        http://tools.ietf.org/html/draft-ietf-websec-key-pinning-03
Diff:
http://www.ietf.org/rfcdiff?url2=draft-ietf-websec-key-pinning-03

Abstract:
   This memo describes an extension to the HTTP protocol allowing web
   host operators to instruct user agents (UAs) to remember ("pin") the
   hosts' cryptographic identities for a given period of time.  During
   that time, UAs will require that the host present a certificate chain
   including at least one Subject Public Key Info structure whose
   fingerprint matches one or more of the pinned fingerprints for that
   host.  By effectively reducing the scope of authorities who can
   authenticate the domain during the lifetime of the pin, pinning may
   reduce the incidence of man-in-the-middle attacks due to compromised
   Certification Authorities and other authentication errors and
   attacks.




The IETF Secretariat