Re: [websec] #58: Should we pin only SPKI, or also names

["Jeremy Rowley" <jeremy.rowley@digicert.com>]

The problems with pinning a CA are similar to problems with pinning a SPKI.
Eventually, the browser needs updated pinned information.  CA pinning shifts
coordination of this update from the Website-Browser to a CA-Browser
communication.  

Permitting CA pinning allows an entity to essentially delegate certificate
decisions to single CA entity.  The usability problems are somewhat resolved
(although not eliminated) because the entity no longer needs to figure out
exactly which keys should be pinned.  Management can adopt a policy to only
use fooCA and then pin that CA, eliminating the need to try and coordinate
all the people responsible for making a decision and making the solution
easier for management to understand than a presented set of SPKIs.   

Jeremy

-----Original Message-----
From: websec-bounces@ietf.org [mailto:websec-bounces@ietf.org] On Behalf Of
Trevor Perrin
Sent: Monday, August 12, 2013 6:53 PM
To: Gervase Markham
Cc: websec
Subject: Re: [websec] #58: Should we pin only SPKI, or also names

On Mon, Aug 12, 2013 at 10:04 AM, Gervase Markham <gerv@mozilla.org> wrote:
> On 12/08/13 17:11, Trevor Perrin wrote:
>> If people hate this, someone should make a proposal for a registry:
>
> Or make a proposal to stick with the current spec, and not pin names 
> :-)

Sure.  But then I'd also like to hear an argument for how this style of
pinning could solve its usability problems and become widespread, given that
Chrome's preloaded version of this attracted only 3 users in 27 months.


>> Could you explain how these problems would arise?
>>
>> I'm proposing CAs would coordinate with browsers, then inform their 
>> customers (websites) which name to use.  A misbehaving CA could 
>> inform its customers of a meaningless name, causing browsers to 
>> ignore the pin.  But a misbehaving CA could violate its customers' 
>> security in other ways.
>
> They would arise via any of the obvious mechanisms this could go 
> wrong,
> e.g.:
>
> * CA fails to communicate with (some subset of) browsers, perhaps the 
> small ones, leading to divergent behaviour

Well, either a popular CA communicates its key list to browsers, or it
communicates it to the (thousands? millions?) of websites that would like to
be pinned to that CA.

There's a coordination problem either way.  So pointing out that browser/CA
coordination is a hassle and has some failure modes doesn't seem a
compelling argument against it, given the alternatives.


> * Browser update is not universally accepted, leading to divergent 
> behaviour
>
> Say Foo CA merges with Bar CA, and issues an edict that from now on 
> the string "fooca.com" will include the already-deployed root, "Bar CA 
> Super-Secure". Six months later, after gnashing their teeth at the 
> delay that this process is introducing into their business, they start 
> issuing certs from "Bar CA Super-Secure" to Foo CA customers. A site, 
> naiveshop.com, is pinned to fooca.com, and buys one of these new certs.
> All naiveshop.com's customers whose browsers are older than 6 months 
> get connection failures, and naiveshop.com can't easily detect that 
> this is happening, or to how many people.

Coordination between browsers and CAs would have to involve timing rules.  A
browser who has not updated a name/key mapping after some period of time
would have to stop using it, just as browsers stop using preloaded pins if
they're too old.


Trevor
_______________________________________________
websec mailing list
websec@ietf.org
https://www.ietf.org/mailman/listinfo/websec