Re: [websec] HSTS: Infinite max-age to address NTP spoofing attack?

Yoav Nir <ynir.ietf@gmail.com> Mon, 10 November 2014 20:10 UTC

Return-Path: <ynir.ietf@gmail.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F73A1ACDB7 for <websec@ietfa.amsl.com>; Mon, 10 Nov 2014 12:10:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.3
X-Spam-Level:
X-Spam-Status: No, score=0.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, MANGLED_BACK=2.3, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XeozrhT8V5PV for <websec@ietfa.amsl.com>; Mon, 10 Nov 2014 12:10:03 -0800 (PST)
Received: from mail-wi0-x230.google.com (mail-wi0-x230.google.com [IPv6:2a00:1450:400c:c05::230]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9ABDD1A9073 for <websec@ietf.org>; Mon, 10 Nov 2014 12:09:46 -0800 (PST)
Received: by mail-wi0-f176.google.com with SMTP id h11so11811415wiw.9 for <websec@ietf.org>; Mon, 10 Nov 2014 12:09:45 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ALXfoh5yuBPdABtkMlILiZZ8c8VWE31aqRINlpDVnw8=; b=d1gG022d5ve4cxJJBqKgXhqrtUk8YH28/0o5JOEx4iv18r4VZ5nepqepoPgPz2BhTZ kBkz7Q5Bb1uml6lCmFrqT5q6EgnAS797h2sqsx0qKr3heMIMafOLhgho7JPs7OjdNMx2 zaRIjX5rLWsqRQ8ToRFRaT+zcKG2r8adlVrMTL7CXSsVU1KP/+qMqwBBwcJVxVTmhahm oWAX2BQ4ZBrfxwJlaaqOc4hi7tf/9N7ZmgnTQFesANrabmqMoGGfdzD8DECJvkUONKkH Z5DBQYBnFhuIk7r2XKuagt0kehAGZrHDB1aYDV8mhiy+pe1xYbfBkDnJELiUV24iiYEy OBUQ==
X-Received: by 10.194.190.19 with SMTP id gm19mr46613944wjc.51.1415650184483; Mon, 10 Nov 2014 12:09:44 -0800 (PST)
Received: from t2001067c0370016001435d87602e7faf.wireless.v6.meeting.ietf.org (t2001067c0370016001435d87602e7faf.wireless.v6.meeting.ietf.org. [2001:67c:370:160:143:5d87:602e:7faf]) by mx.google.com with ESMTPSA id b6sm14667448wiy.22.2014.11.10.12.09.42 for <multiple recipients> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Mon, 10 Nov 2014 12:09:43 -0800 (PST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.0 \(1990.1\))
From: Yoav Nir <ynir.ietf@gmail.com>
In-Reply-To: <546116B9.4030900@gondrom.org>
Date: Mon, 10 Nov 2014 10:09:39 -1000
Content-Transfer-Encoding: quoted-printable
Message-Id: <640712A4-08A9-4723-B73C-734F1F8436A2@gmail.com>
References: <BAY180-W65945DCD6DB8531AB08F2BFF850@phx.gbl> <20141107161452.2b834f23@pc> <D08598BB.3EB64%jeff.hodges@paypal.com> <546116B9.4030900@gondrom.org>
To: Tobias Gondrom <tobias.gondrom@gondrom.org>
X-Mailer: Apple Mail (2.1990.1)
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/LUYqu-iMsxYUtzFjBXrIuyaCyrs
Cc: websec@ietf.org
Subject: Re: [websec] HSTS: Infinite max-age to address NTP spoofing attack?
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec/>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Nov 2014 20:10:06 -0000

> On Nov 10, 2014, at 9:49 AM, Tobias Gondrom <tobias.gondrom@gondrom.org>; wrote:
> 
> On 10/11/14 09:03, Hodges, Jeff wrote:
>> On 11/7/14, 7:14 AM, "Hanno Böck" <hanno@hboeck.de>; wrote:
>> 
>>> But I am pretty sure that no matter what, the underlying cause needs to
>>> be fixed.
>> Strongly agreed.
>> 
>>> A reliable time plays a role in a number of cases in TLS.
>>> HPKP is basically vulnerable to the same kind of attack. Certificate
>>> validity times/expirations are vulnerable.
>> Yes, there's a plethora of protocols that contain timestampes of one sort
>> or another. Thus to some degree or another, they rely upo systems' time,
>> and if that time is corrupted by an attacker then the system and its users
>> may be in trouble.
>> 
>> I don't think it's feasible, or in all or most cases a good design, to go
>> back and 'patch' those protocols to try to guard against NTP-based attacks
>> (as one example of how system time may be corrupted), rather, platforms
>> should (as AGL noted in a earlier thread "NTP vs. HSTS" on [1]) "fix the
>> clock" (I.e. Address NTP and other clock vulns).
> 
> <wg chair hat= off>
> I agree with Jeff. It would better to aim fixing the clock issue (or the relying on fake clocks), than trying to give "infinite" to all kinds of protocol parameters.
> Tobias

+1 

And DKG has mentioned not wanting to create a permanent foot-gun. That is right, but I don’t think telling management “our website is bricked forever” is any better than telling them that “our website is bricked for two years”.

Besides, if you move so far in the future that a 1-year or 2-year HSTS header expires, you’re going to see expired certificates anyway.

Yoav