Re: [websec] Consensus call: Issue #57 (max-max-age)

Trevor Perrin <trevp@trevp.net> Wed, 05 June 2013 16:42 UTC

Date: Wed, 05 Jun 2013 09:42:44 -0700
From: Trevor Perrin <trevp@trevp.net>
To: "Sheehe, Charles J. (GRC-DPC0)" <charles.j.sheehe@nasa.gov>
Cc: websec@ietf.org
Subject: Re: [websec] Consensus call: Issue #57 (max-max-age)

On Tue, Jun 4, 2013 at 12:52 PM, Sheehe, Charles J. (GRC-DPC0) <charles.j.sheehe@nasa.gov> wrote:

> Thanks Trevor.
>
> Ok, so if we set the Max Age to 1 day or 10 days or 30 or 90, what are
> the realistic impacts? Increased infrastructure, how much?  I have not seen
> the tradeoffs: cost (risks or added infrastructure) vs. benefits.
>

So, assuming (for sake of discussion) that we wanted *some* spec-defined
max-max-age, what are the tradeoffs in choosing it?

Good question.  I think you'd want to start by being clear what use cases
are in scope.  I suggested expanding the scope to include pin-distribution
methods like "downloaded lists", "secure links", and "online lookups".  It
would be fair for the working group to reject that scope expansion, or
discuss further.

Then we could look at how the effectiveness of pins varies over time for
different use cases.  I'd argue that for the expanded use cases, you get
diminishing returns on effectiveness after a few weeks, though for the
"browser key continuity" use case, it's a different story, so we'd have to
decide how to weigh the use cases.

Finally, you'd have to assess how the "dangers" of pinning increase with
lifetime, and then subtract the dangers from the benefits to get some
"pinning-lifetime-utility" curve.  In my mind, this curve is a bell-like
thing with a lot of mass between a few weeks and a few months, with 30 days
being a good round number in the middle.

At least that's how TACK got there; that's as methodical as we got...


Trevor
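The message above argues about where a spec-defined max-max-age should sit; what a client actually does with such a ceiling is to clamp whatever max-age a server asks for. The following is an added example written for this archive page, not code from the thread, from TACK, or from any browser or pinning implementation. It assumes the HPKP-style "Public-Key-Pins" header syntax (pin-sha256 directives plus max-age), takes the 30-day figure from the message as the assumed ceiling, and treats "at least two pins so a backup exists" as an assumed policy rather than a quoted rule. It shows the clamp, the max-age=0 clear, expiry on the client clock, and the chain check that decides whether a connection is allowed.

```python
"""Client-side pin store that caps server-requested pin lifetime.

Added example for the websec max-max-age discussion; not code from the
thread or from any pinning implementation.  Assumptions: HPKP-style
"Public-Key-Pins" header syntax, a 30-day max-max-age (the round number
proposed in the message), and a require-two-pins policy as a stand-in for
"a backup pin must exist".
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterable, Optional, Tuple

MAX_MAX_AGE = 30 * 24 * 3600  # assumed spec ceiling: 30 days, in seconds


@dataclass
class PinEntry:
    host: str
    pins: FrozenSet[str]
    expires_at: int   # absolute client time, seconds
    clamped: bool     # True when the server asked for longer than the ceiling


def parse_pkp_header(value: str) -> Optional[Tuple[FrozenSet[str], int]]:
    """Return (pins, max_age) from a Public-Key-Pins header value.

    Returns None when the header is unusable: no max-age, a non-numeric
    max-age, or fewer than two pins (assumed backup-pin policy).
    """
    pins = set()
    max_age = None
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        # Split on the first "=" only: base64 pin values may end in "=" padding.
        name, _, raw = directive.partition("=")
        name = name.strip().lower()
        raw = raw.strip().strip('"')
        if name == "pin-sha256":
            pins.add(raw)
        elif name == "max-age":
            if not raw.isdigit():
                return None
            max_age = int(raw)
    if max_age is None or len(pins) < 2:
        return None
    return frozenset(pins), max_age


def apply_pins(store: Dict[str, PinEntry], host: str, header_value: str,
               now: int, max_max_age: int = MAX_MAX_AGE) -> Optional[PinEntry]:
    """Note (or clear) pins for host, clamping the lifetime to max_max_age.

    The clamp is the whole point of a spec-defined max-max-age: a server
    that asks for a year still gets at most the ceiling, bounding how long
    a bad or lost pin can lock clients out.
    """
    parsed = parse_pkp_header(header_value)
    if parsed is None:
        return None
    pins, max_age = parsed
    if max_age == 0:
        store.pop(host, None)      # max-age=0 removes any noted pins
        return None
    effective = min(max_age, max_max_age)
    entry = PinEntry(host, pins, now + effective, max_age > max_max_age)
    store[host] = entry
    return entry


def check_chain(store: Dict[str, PinEntry], host: str,
                chain_spki_hashes: Iterable[str], now: int) -> bool:
    """True if the connection is allowed: no live pin for host, or the
    validated chain contains at least one pinned SPKI hash."""
    entry = store.get(host)
    if entry is None:
        return True
    if now >= entry.expires_at:
        store.pop(host, None)      # expired pins are forgotten, not enforced
        return True
    return bool(entry.pins & set(chain_spki_hashes))


if __name__ == "__main__":
    # Constructed sample header: two fake pins, 60-day request (exceeds cap).
    store: Dict[str, PinEntry] = {}
    hdr = 'pin-sha256="AAAA="; pin-sha256="BBBB="; max-age=5184000'
    e = apply_pins(store, "example.test", hdr, now=1000)
    print(e.expires_at - 1000, e.clamped)        # 2592000 True
    print(check_chain(store, "example.test", ["BBBB="], now=2000))  # True
    print(check_chain(store, "example.test", ["CCCC="], now=2000))  # False
```

The clamp keeps the server's stated intent visible (`clamped=True`) so a client or a test harness can see how often operators ask for more than the ceiling allows, which is exactly the kind of evidence the "realistic impacts" question in the quoted message is asking for.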