Re: [websec] [saag] Pinning
Trevor Perrin <trevp@trevp.net> Sat, 11 August 2012 18:16 UTC
Return-Path: <trevp@trevp.net>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10EA421F84A1 for <websec@ietfa.amsl.com>; Sat, 11 Aug 2012 11:16:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ivIc82d72dPR for <websec@ietfa.amsl.com>; Sat, 11 Aug 2012 11:16:03 -0700 (PDT)
Received: from mail-gh0-f172.google.com (mail-gh0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id 4432121F84B5 for <websec@ietf.org>; Sat, 11 Aug 2012 11:16:03 -0700 (PDT)
Received: by ghbg16 with SMTP id g16so2482799ghb.31 for <websec@ietf.org>; Sat, 11 Aug 2012 11:16:02 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding:x-gm-message-state; bh=lTUibbTXkpNEO56DtfydqlyEzmEq5SzjN79KjpgVv0U=; b=J6XRpB9uMRz1PaYkxHf/9MY81yha81SUwP/V11YgTtOyzK8k/X9rpxKfwY1i3LZGjk bVw22fJIYI8TjCfcmW2ap4KvZEN1gaS8ohruzU2RAA+tOb/57F8YAmNbnuPvJQkWhla7 smA6AaPD/bY5dbzhZitq1Ot3BNWf59OJ/rmEdQ84LhLeWnYttQisVRY4w+SJspsGsdad ZigobTevKmKXP1Xn+v7xsoKHbhBGsEEtnZ0RKgcXoV+BaQZxKNd2TKXqT/j8AKx+ffSW K8stXafnXQ6MW9lxyIRmyNR/gwSIROeXmXYbsTtYW0q6NBSb9UOg/t3b/WOKwKFKhvLZ u8zg==
MIME-Version: 1.0
Received: by 10.42.92.17 with SMTP id r17mr4403742icm.39.1344708962627; Sat, 11 Aug 2012 11:16:02 -0700 (PDT)
Received: by 10.64.78.200 with HTTP; Sat, 11 Aug 2012 11:16:02 -0700 (PDT)
X-Originating-IP: [67.127.59.13]
In-Reply-To: <CAOuvq20iC817T-9U3zWG7S2Z=uU=G0i6usOT915ky+9FO8_Zwg@mail.gmail.com>
References: <31946C2A-4ACD-46D7-8977-49B681204A7B@checkpoint.com> <8E52CEC5-4FEB-4464-AB11-21F1B9208C5C@checkpoint.com> <38489744-05A9-45F0-A752-7F0B9E96E641@vpnc.org> <4FCF894B.8080002@gondrom.org> <CAOuvq20iC817T-9U3zWG7S2Z=uU=G0i6usOT915ky+9FO8_Zwg@mail.gmail.com>
Date: Sat, 11 Aug 2012 11:16:02 -0700
Message-ID: <CAGZ8ZG0K+R93mQFtmQns0ahSbNqwXv+rSO78nEXNn=UweZqsrg@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Chris Palmer <palmer@google.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQlagtxLrbLdB5q7zxWoZllZMxoN2emJJYE2n/4U7CQZbFjwdRFZz9X/VP/SkcVQmiW5/zCI
Cc: Chris Evans <cevans@google.com>, websec@ietf.org, saag@ietf.org, Moxie Marlinspike <moxie@thoughtcrime.org>
Subject: Re: [websec] [saag] Pinning
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Aug 2012 18:16:04 -0000
Hi Chris, all, On Fri, Aug 10, 2012 at 3:20 PM, Chris Palmer <palmer@google.com> wrote: > So ultimately I do think we should decide on either HPKP or TACK, but > that we should make that decision after there has been some real-world > deployment experience with both (or, sadly, real-world non-deployment > of one or both). My 2c: We should keep exploring both TACK and HPKP. I'd like to see both proposals fleshed out, so we can do an in-depth comparison. We'll try to send a draft-01 in a couple weeks. > Additionally, HPKP and TACK might converge, more or less. I have plans > to publish a new HPKP I-D that borrows some of TACK's pin activation > and expiration ideas, for example. Awesome, looking forward to it. There's some things you'll have to grapple with (is pin activation performed for each key individually, or for the keys as a set? when is it performed? etc.) > Additionally, one of the main criticisms of HPKP is that it is tied to > HTTP. I currently don't consider that a huge problem — even though I > consider TACK's TLS-generic-ness a nice benefit — for several reasons: > > * HTTPS is the big, important application that we need to secure right now. Agreed: TACK's TLS-generic-ness is a nice benefit, but a good solution for HTTPS is more important than reusability. > * It's not clear that SMTP over TLS is very beneficial, because you > can't stop delivery due to pin validation failure (or really even > regular old X.509 failure). Pinning for MTA-to-MTA SMTP seems useful. Since receiving MTAs often have invalid certificates, they're hard to authenticate any other way. If a sending MTA doesn't want to reject connections on pin failure, it could run in "warn-only" mode. > * SSH already has PKP. :) Not proposing to change that. But a TACK_Extension *could*, theoretically, be embedded in non-TLS, non-X.509 protocols... And TACK *does* have some nice lifecycle features (activation, break sigs, generations)... > And finally, as Ben Laurie pointed out, there is also Certificate > Transparency. I personally consider the "public log" class of > solutions (of which CT is a leading member, along with Sovereign Keys) > to be The Real Solution. Pinning-like solutions (including HPKP and > TACK) are a good, quick fix — as long as they are quick and simple. I think pinning is likely to coexist or integrate with future trust systems. For example, Cert Transparency is cool and would help detect bad certs, but pinning would prevent their use. I think sites would want to deploy pinning even in a CT world. Also, self-asserted pins like TACK and HPKP can be detected by trust infrastructure (think Convergence or Google Cert Catalog) which publishes them for auditors to review and for client apps to download. So, in a broad sense (pinning, CT, Convergence) are all "public knowledge" systems which have some similar benefits. Anyways, quick and simple is always good, but we shouldn't view pinning as a disposable technology. (Not that you're saying that, but just don't want it to be misconstrued). Trevor
- [websec] Fwd: [saag] Pinning Paul Hoffman
- Re: [websec] Pinning Yoav Nir
- Re: [websec] [saag] Pinning Tobias Gondrom
- Re: [websec] [saag] Pinning Chris Palmer
- Re: [websec] [saag] Pinning Paul Hoffman
- Re: [websec] [saag] Pinning Trevor Perrin
- Re: [websec] [saag] Pinning Yoav Nir
- Re: [websec] [saag] Pinning Tom Ritter
- Re: [websec] [saag] Pinning Yoav Nir
- Re: [websec] [saag] Pinning Jeffrey Hutzelman
- Re: [websec] [saag] Pinning Tony Finch
- Re: [websec] [saag] Pinning Alexey Melnikov
- Re: [websec] [saag] Pinning Tobias Gondrom
- Re: [websec] [saag] Pinning Tobias Gondrom