IETF Logo Mail Archive

Re: [websec] #58: Should we pin only SPKI, or also names

Chris Palmer <palmer@google.com> Thu, 08 August 2013 20:45 UTC

Return-Path: <palmer@google.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3CA111E821A for <websec@ietfa.amsl.com>; Thu, 8 Aug 2013 13:45:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.967
X-Spam-Level:
X-Spam-Status: No, score=-1.967 tagged_above=-999 required=5 tests=[AWL=0.011, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Om8+DwaAn4Gv for <websec@ietfa.amsl.com>; Thu, 8 Aug 2013 13:45:06 -0700 (PDT)
Received: from mail-ie0-x236.google.com (mail-ie0-x236.google.com [IPv6:2607:f8b0:4001:c03::236]) by ietfa.amsl.com (Postfix) with ESMTP id 4D50E11E8104 for <websec@ietf.org>; Thu, 8 Aug 2013 13:45:06 -0700 (PDT)
Received: by mail-ie0-f182.google.com with SMTP id tp5so2807677ieb.27 for <websec@ietf.org>; Thu, 08 Aug 2013 13:45:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=3cR06KSI1iMWjNFUawWMHeB/+y6aSowskWUvDPH6o4E=; b=NHQqaOlcfIlMR7uU6o/Sahz1kJaC5WPCTgvNOfT3XHy8ZWW3+9LtobMAQ+ycl9a9cI /mhuoEjhAihG12LYsmKeeVPiqfEW7wSlcElFXTFEZ7JACBnfTw7AD1fN++f3PT8BFsBL xGWNYFsyN5qeETpv8+ANBE+fMzcFtiA5PHbFpxdDDX2RyNG/4PTDtBHu9gaZvPJEd4d6 M05q85gzZmlW9aobYUMIwbD9g9yTzvqFXYCf9n1iCatmZboZ8Wwgg69iVYZCaCuO369F F7HTP8kdovrHLxK5s79R521P4p1iK6Yn5U6MuFP2Fb/CfqUnXrIlseknH0+LONIM8FN5 CtVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=3cR06KSI1iMWjNFUawWMHeB/+y6aSowskWUvDPH6o4E=; b=Qfzx1VPJ+FM3Vt7xe8ZCP3oZCpDLjMLdw24nyW1/bbr29xmmcec3P5NrlUXzOQCZ/W Hu1KyzCdSXsULOVsM2MKvK0ydQGTDqIlEgg2iBuiySD+MmY2QpHXKmomBxde20isXevr gBIUhXhPC9S//TSCi2Km3up+zWw2Ym42lHWFsZseiV1ZU31tW52MjPwbPwhBHNKhGinJ pT2a2SWNGStuqarX9w43a4hDccufax/eqIUv4HTug6jTzV0m4kSuI0tF2s10cSsDPkFg P1lC6RIwz0XLHykNsJu4jxqB6/6/Sg+5HjTK3/3SRcCtZgfXVeuqrAVo4SdGaH0eSRfY mijg==
X-Gm-Message-State: ALoCoQm8p+WpPoTDo89VETGFweqy0DtHzJYofe0gn/k9mNePAMLd/TcDrdddDM53sRyo2HH0QgRDCQSEc025fG9JoMZBe1OoCQRpq7mG4kmiD16zfmzDhXkgpy5+hkXd3Xdh/FDzHPKG0LogTNZFXcBMf7QNiI6JSc92Jk5FXnlx5SFcVAIdlaXf6wfrNcsJHBz75YeKKJ3X
MIME-Version: 1.0
X-Received: by 10.43.19.200 with SMTP id ql8mr2979828icb.72.1375994705749; Thu, 08 Aug 2013 13:45:05 -0700 (PDT)
Received: by 10.64.240.71 with HTTP; Thu, 8 Aug 2013 13:45:05 -0700 (PDT)
In-Reply-To: <520225B3.5040701@mozilla.org>
References: <060.be9b0009dc0350ca543f553042673944@trac.tools.ietf.org> <073501ce8c6e$f6c17d90$e44478b0$@digicert.com> <CAMm+LwjdGJC4FHCJ_OAYGRqCGGc0Nz1pLV=yVGK9M9E7drfujQ@mail.gmail.com> <CAOuvq200e9HnPX1w9sZ+e7ipBmdgZdPL5xzKDgcaDpSxz1N=gg@mail.gmail.com> <CAMm+Lwh384YBMXw-BDoxJw+AN4qv8x6GQpF9YK4PW1gQRnadpg@mail.gmail.com> <6125A841-6C85-4858-B37F-C021067F0CFA@checkpoint.com> <2035FF99-A079-4F2F-B4DE-962FE1C1B964@checkpoint.com> <CAGZ8ZG2Ex9Cvft38zSQX5Hcu3hU40HOjpAM+9fCG=JgBJM55Qg@mail.gmail.com> <520214F7.8020308@mozilla.org> <CAGZ8ZG2N7NBUvjYQVw=CKgnq1KG5JfeN9hZU2-DSKT6OFmBVFg@mail.gmail.com> <52021982.8030108@mozilla.org> <CAGZ8ZG2OCCziSn-WtFGdCGnFEVTFz=9truK6kkFkF3pq1TEyNA@mail.gmail.com> <520225B3.5040701@mozilla.org>
Date: Thu, 08 Aug 2013 13:45:05 -0700
Message-ID: <CAOuvq21TtutqQKbKGxBWH+VhNg+3g9ukoSa1TVtpph402psijQ@mail.gmail.com>
From: Chris Palmer <palmer@google.com>
To: Gervase Markham <gerv@mozilla.org>
Content-Type: text/plain; charset="UTF-8"
Cc: websec <websec@ietf.org>
Subject: Re: [websec] #58: Should we pin only SPKI, or also names
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Aug 2013 20:45:06 -0000

On Wed, Aug 7, 2013 at 3:47 AM, Gervase Markham <gerv@mozilla.org> wrote:

>> When a pinned CA wants to introduce a new root, it would need to
>> update the mapping and wait for the update to propagate before using
>> the new root to sign certs.
>
> Right - but users who were trusting "FooCA" would now be trusting a root
> they didn't know they were trusting.

The site operator had decided to trust FooCA to manage its operations
well and to issue certs well. If FooCA sets up a new root, that need
not change the operator's trust calculation. The explicit point of
this trust anchor set name mechanism is to allow site operators to not
care about the specific signing certificates FooCA uses. You seem to
be postulating a hypothetical site operator who wants to trust FooCA
generally, yet also wants to know about and trust only particular
issuing certificates that FooCA uses. That hypothetical site operator
sounds confused, to me: "Don't bother me with all these details; just
tell me everything."

> What happens if two CAs merge, and the acquiring CA wants to have all
> the roots of the acquired CA now under its brand?

Same thing. The site operator has chosen to trust FooCA. They can
trust FooCA to merge with only top-notch CAs (running their business
operations well), and continue pinning to the trust anchor set name
"FooCA". Or the operator can decide they hate the new merged business
entity, and switch to BarCA. Hopefully, they set a backup pin,
possibly to BarCA, and then they can do the switch quite quickly.
(They'll want a new backup pin, say QuuxCA, or a specific SPKI, or
whatever.)

> My concern is that this is an abstraction to make things work for people
> who don't want to think too hard about PKI, but that the abstraction is
> leaky, and will result in the violation of assumptions. I haven't spent
> too much time thinking about this and I've already thought of a few.

That's how abstractions are: The leakiness is a feature. If it weren't
leaky, it wouldn't be an abstraction. That's why we would offer
pinning to both trust anchor set names and specific SPKIs.

v2.23.0 | Report a Bug | By Email