IETF Logo Mail Archive

Re: [websec] #58: Should we pin only SPKI, or also names

Trevor Perrin <trevp@trevp.net> Wed, 07 August 2013 10:14 UTC

Return-Path: <trevp@trevp.net>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3594921E80C0 for <websec@ietfa.amsl.com>; Wed, 7 Aug 2013 03:14:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A-IoJXtYUeMt for <websec@ietfa.amsl.com>; Wed, 7 Aug 2013 03:14:12 -0700 (PDT)
Received: from mail-wg0-f52.google.com (mail-wg0-f52.google.com [74.125.82.52]) by ietfa.amsl.com (Postfix) with ESMTP id CD8E921E80BE for <websec@ietf.org>; Wed, 7 Aug 2013 03:14:11 -0700 (PDT)
Received: by mail-wg0-f52.google.com with SMTP id b13so1333922wgh.19 for <websec@ietf.org>; Wed, 07 Aug 2013 03:14:11 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=/CPrCiLunbss4LvN+JWpj16I1xdwUGlTLQCSptSFaIY=; b=KZpMD2TTC6+i0BidPQTWb9zAUdbj4JAlBmizuCoKUz54ZgzlTxeWxQVkbgsG4jMz9v BPiSIKGk5L1nLP4YzTerOL3YpvQA2tk8t60s3+vWtCdNULwL5g8Ag37hSwCG8eNUIu03 JMXQvxIkTy7GHZsJW63CqCGzVHEsuOK9B831yRBz7OitLv99rsrWlXD8j7OwAOCEqOTf yV+kYpfn9+MJ+dUNvak+XHA4qSXZYtdz7j0vEA4Dipl3YJiK+SGgcBs5GRP8lwPzgOal 0Z/PHQDIdzG7lXefqCWB+q543IBJqNPfAkMRe5/6kzko25BZF3hEapZbvatTLnZ5unid oL6w==
X-Gm-Message-State: ALoCoQlFFtN/aT5lp9lm0AX3Pj0NDlqjjleKjP8EbGlPRhDauufLnLDQ2lc6Llgp3gIyX2WpZkdV
MIME-Version: 1.0
X-Received: by 10.194.174.36 with SMTP id bp4mr1811549wjc.7.1375870450945; Wed, 07 Aug 2013 03:14:10 -0700 (PDT)
Received: by 10.216.212.9 with HTTP; Wed, 7 Aug 2013 03:14:10 -0700 (PDT)
X-Originating-IP: [24.234.64.225]
In-Reply-To: <52021982.8030108@mozilla.org>
References: <060.be9b0009dc0350ca543f553042673944@trac.tools.ietf.org> <073501ce8c6e$f6c17d90$e44478b0$@digicert.com> <CAMm+LwjdGJC4FHCJ_OAYGRqCGGc0Nz1pLV=yVGK9M9E7drfujQ@mail.gmail.com> <CAOuvq200e9HnPX1w9sZ+e7ipBmdgZdPL5xzKDgcaDpSxz1N=gg@mail.gmail.com> <CAMm+Lwh384YBMXw-BDoxJw+AN4qv8x6GQpF9YK4PW1gQRnadpg@mail.gmail.com> <6125A841-6C85-4858-B37F-C021067F0CFA@checkpoint.com> <2035FF99-A079-4F2F-B4DE-962FE1C1B964@checkpoint.com> <CAGZ8ZG2Ex9Cvft38zSQX5Hcu3hU40HOjpAM+9fCG=JgBJM55Qg@mail.gmail.com> <520214F7.8020308@mozilla.org> <CAGZ8ZG2N7NBUvjYQVw=CKgnq1KG5JfeN9hZU2-DSKT6OFmBVFg@mail.gmail.com> <52021982.8030108@mozilla.org>
Date: Wed, 07 Aug 2013 03:14:10 -0700
Message-ID: <CAGZ8ZG2OCCziSn-WtFGdCGnFEVTFz=9truK6kkFkF3pq1TEyNA@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Gervase Markham <gerv@mozilla.org>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: websec <websec@ietf.org>
Subject: Re: [websec] #58: Should we pin only SPKI, or also names
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2013 10:14:18 -0000

On Wed, Aug 7, 2013 at 2:55 AM, Gervase Markham <gerv@mozilla.org> wrote:
> On 07/08/13 10:45, Trevor Perrin wrote:
>> Presumably the browser would have a table mapping names to key lists,
>> and would evaluate a site's cert chain by checking for an intersection
>> with all relevant keys in the pin (direct or indirect).
>
> Yes; this would need to be metadata associated with each cert in the
> root store. It would need to be added when roots were added.

I was imagining a table which is indexed by CA names, and which maps a
CA name to a corresponding list of key hashes.  These hashes might
correspond to certs in the root store or they might not (e.g., they
might correspond to intermediates).

Only CAs which had "opted-in" and provided the requisite info to
browsers would be in the table.


> What happens if a CA requests a change to this mapping? This might
> violate the expectations of some users as to which keys they were pinning.

When a pinned CA wants to introduce a new root, it would need to
update the mapping and wait for the update to propagate before using
the new root to sign certs.

When a pinned CA wants to remove a revoked or expired root from the
mapping, it should be able to do so without problems since browsers
would not construct cert paths that require this root.

Anyways, if users want to be pinned to a specific key, they should pin
to that key directly.  If they're pinned to a name, they're trusting
the CA and browser vendor to keep the mapping updated in a sensible
way.


Trevor

v2.23.0 | Report a Bug | By Email