Re: [websec] #58: Should we pin only SPKI, or also names

Gervase Markham <gerv@mozilla.org> Tue, 13 August 2013 09:43 UTC

Message-ID: <5209FF9D.1080208@mozilla.org>
Date: Tue, 13 Aug 2013 10:42:53 +0100
From: Gervase Markham <gerv@mozilla.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: Trevor Perrin <trevp@trevp.net>
References: <060.be9b0009dc0350ca543f553042673944@trac.tools.ietf.org> <073501ce8c6e$f6c17d90$e44478b0$@digicert.com> <CAMm+LwjdGJC4FHCJ_OAYGRqCGGc0Nz1pLV=yVGK9M9E7drfujQ@mail.gmail.com> <CAOuvq200e9HnPX1w9sZ+e7ipBmdgZdPL5xzKDgcaDpSxz1N=gg@mail.gmail.com> <CAMm+Lwh384YBMXw-BDoxJw+AN4qv8x6GQpF9YK4PW1gQRnadpg@mail.gmail.com> <6125A841-6C85-4858-B37F-C021067F0CFA@checkpoint.com> <2035FF99-A079-4F2F-B4DE-962FE1C1B964@checkpoint.com> <CAOuvq20O9bqHGR-5eKPmasNnWEuNW7ACL7PxM09yoTmmyt1UUg@mail.gmail.com> <CAGZ8ZG2C4uB=4vgH325TWeNW89ne4E_DN0j9ZV0t2AKa1o+x9g@mail.gmail.com> <52089A35.9040103@mozilla.org> <CAGZ8ZG3HUUsQJ63mCqHd_LOq+KSdsVpG7Gibdif5dS4oGLywpA@mail.gmail.com> <52091598.7000306@mozilla.org> <faac23b0797219a618f8ffee1932f7e2.squirrel@webmail.dreamhost.com> <CAGZ8ZG1zRJ3fWsK7+Zd_CWjZKTms_YjAxFWzQ+=yrn_VTW+s4g@mail.gmail.com>
In-Reply-To: <CAGZ8ZG1zRJ3fWsK7+Zd_CWjZKTms_YjAxFWzQ+=yrn_VTW+s4g@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: websec <websec@ietf.org>
Subject: Re: [websec] #58: Should we pin only SPKI, or also names

On 13/08/13 07:40, Trevor Perrin wrote:
> Names are also smaller, and easier to configure, review, and debug
> than lists of hash values.

Sure. No-one is denying that there are some advantages to using names;
the question is whether those advantages are worth it given the
significant downsides.

In terms of how to proceed, I suggest the wise thing is to define the
syntax so it is open to being extended with names or other identifiers
later, but get the standard done without that facility. Then, we don't
have to let the best be the enemy of the good.

>> It's well known and understood that not every user updates their browser
>> every cycle. Or, when and if pinning is integrated into an OS, they don't
>> always update their OS. So you will quickly have a situation, very easily
>> within a few releases, of the name 'Foo CA' ambiguously referring to
>> multiple different sets of SPKIs.
> 
> Browsers would need to stop using name->key mappings that aren't
> current (say, more than 30 days old).

And so HPKP no longer works for those sites in those browsers? That
doesn't sound great from a security standpoint to me. It also makes
using names clearly worse for the site than using hashes.

That's rather a big change in the idea to be throwing in as a bullet
point mid-way through a discussion. Forgive me, but it rather seems like
you are making this up as you go along rather than having thought it
through and presented a coherent proposal.

>> This is independent of mergers - CAs that are issuing new intermediates,
>> or deprecating old roots, etc.
> 
> Yes, but either these get tracked by browsers, or they need to be
> tracked by every website using an affected CA pin.

If the idea of using names is greater simplicity for sites, imposing a
requirement that they track the goings-on in the CA industry seems not
to meet that goal.

> I could imagine the former becoming widely used.  Websites could
> easily see what other websites are doing, discuss and compare which
> CAs they consider good choices, and test and review their deployments.
> CAs would be incentivized to opt-in to this system by making it easy
> for browsers to pin them, and to provide good security so that
> websites would choose to include them into pins.

Can't CAs help in the current system? "Here's the set of 3 opaque
strings you should add to your HPKP header to pin to our consumer roots"
is not all that much more complex than "Here's a string that looks like
a domain name you should add to your HPKP header to pin to our consumer
roots".

Gerv
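As an added illustration of the two approaches argued over above (not code from the thread, the websec WG, or any browser), the Go program below does the concrete work behind "the set of 3 opaque strings": it derives an HPKP pin as base64(SHA-256(DER SubjectPublicKeyInfo)) from a public key, assembles a Public-Key-Pins header value from a set of such pins, and checks a presented chain against them. It also models the name-based alternative with a hypothetical browser-side registry (the caEntry type, its 30-day cutoff, and the "Foo CA" name are assumptions made for the example) so that the staleness rule Trevor proposes, and the failure mode Gerv objects to, can be seen side by side. All keys are generated at run time; nothing is fetched from a real CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
	"time"
)

// spkiPin returns the HPKP pin for a public key: base64(SHA-256(DER-encoded
// SubjectPublicKeyInfo)). This is the "opaque string" a CA or site operator
// would publish for one of its roots or intermediates.
func spkiPin(pub interface{}) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return base64.StdEncoding.EncodeToString(sum[:]), nil
}

// pkpHeader assembles a Public-Key-Pins header value from pins. maxAge is in
// seconds; HPKP expects at least one pin not present in the served chain (a backup).
func pkpHeader(pins []string, maxAge int, includeSubdomains bool) string {
	parts := make([]string, 0, len(pins)+2)
	for _, p := range pins {
		parts = append(parts, fmt.Sprintf("pin-sha256=%q", p))
	}
	parts = append(parts, fmt.Sprintf("max-age=%d", maxAge))
	if includeSubdomains {
		parts = append(parts, "includeSubDomains")
	}
	return strings.Join(parts, "; ")
}

// chainMatchesPins applies the HPKP rule: accept if at least one SPKI in the
// presented chain hashes to a pinned value, otherwise reject.
func chainMatchesPins(chainKeys []interface{}, pins []string) (bool, error) {
	pinned := make(map[string]bool, len(pins))
	for _, p := range pins {
		pinned[p] = true
	}
	for _, k := range chainKeys {
		pin, err := spkiPin(k)
		if err != nil {
			return false, err
		}
		if pinned[pin] {
			return true, nil
		}
	}
	return false, nil
}

// caEntry is a hypothetical browser-side record (an assumption for this
// example) mapping a CA name to the pins of its current roots, stamped with
// when the browser last refreshed the mapping.
type caEntry struct {
	pins      []string
	refreshed time.Time
}

// resolveCAName expands a pinned CA name into SPKI pins but refuses a mapping
// older than maxAge, the kind of cutoff floated in the thread. Note the cost:
// once the mapping is stale, the site simply loses pinning in that browser.
func resolveCAName(registry map[string]caEntry, name string, now time.Time, maxAge time.Duration) ([]string, error) {
	e, ok := registry[name]
	if !ok {
		return nil, errors.New("unknown CA name: " + name)
	}
	if now.Sub(e.refreshed) > maxAge {
		return nil, fmt.Errorf("mapping for %q is stale; pinning disabled", name)
	}
	return e.pins, nil
}

// genKey makes a throwaway P-256 key standing in for a CA or site key.
func genKey() *ecdsa.PublicKey {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &priv.PublicKey
}

func main() {
	root, intermediate, backup, rogue := genKey(), genKey(), genKey(), genKey()
	rootPin, _ := spkiPin(root)
	backupPin, _ := spkiPin(backup)
	pins := []string{rootPin, backupPin}
	fmt.Println("Public-Key-Pins:", pkpHeader(pins, 5184000, true))

	ok, _ := chainMatchesPins([]interface{}{intermediate, root}, pins)
	fmt.Println("chain via pinned root accepted:", ok)
	ok, _ = chainMatchesPins([]interface{}{rogue}, pins)
	fmt.Println("chain from an unpinned CA accepted:", ok)

	// Name-based pin: works while the mapping is fresh, silently stops later.
	now := time.Now()
	registry := map[string]caEntry{"Foo CA": {pins: pins, refreshed: now.Add(-45 * 24 * time.Hour)}}
	if _, err := resolveCAName(registry, "Foo CA", now, 30*24*time.Hour); err != nil {
		fmt.Println("name pin:", err)
	}
}
```

The hash-based path needs nothing from the browser beyond SHA-256 and a pin list, which is why two differently-aged browser builds agree on what a pin means; the name-based path depends on a registry that must be kept current on every client, and the staleness guard turns an out-of-date client into one with no pin at all.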