Re: [websec] Certificate Pinning via HSTS

Chris Palmer <palmer@google.com> Tue, 13 September 2011 18:09 UTC

In-Reply-To: <4E6F62EE.2070409@cisco.com>
References: <CAOuvq22p2qNnXRsK=PS=mxknnq4MrCWt0Np-N8su-iHXaWHqpg@mail.gmail.com> <CA+cU71=7tM9tS6bAddiLDtOBTX_DH3cebEd5dM=1DSMKXUMdjw@mail.gmail.com> <4E6F62EE.2070409@cisco.com>
Date: Tue, 13 Sep 2011 11:11:54 -0700
Message-ID: <CAOuvq20UOvL3QTMMmskzPE20os_Yv57Kx_2Sntr8ap0nr+xxeQ@mail.gmail.com>
From: Chris Palmer <palmer@google.com>
To: websec@ietf.org
Cc: Chris Evans <cevans@google.com>
Subject: Re: [websec] Certificate Pinning via HSTS

Hi everybody,

Thanks for your comments and questions — good ones! I'll try to
address them in the XMLified draft that I'm working on now, and which
I'll send out today.