[websec] Alissa Cooper's Yes on draft-ietf-websec-key-pinning-19: (with COMMENT)

"Alissa Cooper" <alissa@cooperw.in> Tue, 05 August 2014 21:27 UTC

From: Alissa Cooper <alissa@cooperw.in>
To: The IESG <iesg@ietf.org>
Message-ID: <20140805212736.4347.37060.idtracker@ietfa.amsl.com>
Date: Tue, 05 Aug 2014 14:27:36 -0700
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/L6N_OoA84MML3mwKCvaK27rTAzk
Cc: draft-ietf-websec-key-pinning@tools.ietf.org, websec@ietf.org, websec-chairs@tools.ietf.org

Alissa Cooper has entered the following ballot position for
draft-ietf-websec-key-pinning-19: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
http://datatracker.ietf.org/doc/draft-ietf-websec-key-pinning/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I agree with Pete's comment about the first sentence.

It would be nice if in Section 5 or 7 some suggestion could be made for
UAs to consider the relationship between the functionality they provide
to clear pins/pinned hosts and the functionality they provide to clear
(or prevent the storage of) other UA state. E.g., upon clearing one's
browsing history or entering private browsing mode, it seems like having
the option to clear pins/pinned hosts or not pin would make sense. This
is alluded to in Section 7 but not really tied to the threat described in
Section 5.

I'm also curious about whether there is any reason to retain expired
pins? (Other than the fact that flushing them requires the UA to actively
check which ones are expired.)