Re: [websec] Comments on draft-ietf-websec-key-pinning-06
Tobias Gondrom <tobias.gondrom@gondrom.org> Mon, 24 June 2013 07:01 UTC
Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF23B21F9ABE for <websec@ietfa.amsl.com>; Mon, 24 Jun 2013 00:01:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -95.362
X-Spam-Level:
X-Spam-Status: No, score=-95.362 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SHqpNR0jQffk for <websec@ietfa.amsl.com>; Mon, 24 Jun 2013 00:01:38 -0700 (PDT)
Received: from lvps176-28-13-69.dedicated.hosteurope.de (lvps176-28-13-69.dedicated.hosteurope.de [176.28.13.69]) by ietfa.amsl.com (Postfix) with ESMTP id BDC2F21F9A6A for <websec@ietf.org>; Mon, 24 Jun 2013 00:01:37 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=aB9E1NcW1AJr9i4gcZUULXrPNxXj2GqQfiu/JJsf9b23CKi80qMamoTyk4Vv9GVpCZRcq/rCqm+mU+V5NBqTjuQxrJRTAzHva+JtAgrr6kcOLrFpBO9liG2mTmAKzLh0; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:X-Enigmail-Version:Content-Type;
Received: (qmail 7324 invoked from network); 24 Jun 2013 09:01:31 +0200
Received: from 188.82.247.60.static.bjtelecom.net (HELO ?172.31.8.30?) (60.247.82.188) by lvps176-28-13-69.dedicated.hosteurope.de with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 24 Jun 2013 09:01:31 +0200
Message-ID: <51C7EECC.3020108@gondrom.org>
Date: Mon, 24 Jun 2013 15:01:32 +0800
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6
MIME-Version: 1.0
To: trevp@trevp.net
References: <8c03997da80b4e8da7100491011b8c12@BN1PR03MB039.namprd03.prod.outlook.com> <6F2FE5F2-D02C-4B09-A6CA-7C3B63722E34@checkpoint.com> <CAGZ8ZG32cRRU3rQ31cN0ZB78_Oxn7E4LpyTpYi0bT59jhzNuiw@mail.gmail.com>
In-Reply-To: <CAGZ8ZG32cRRU3rQ31cN0ZB78_Oxn7E4LpyTpYi0bT59jhzNuiw@mail.gmail.com>
X-Enigmail-Version: 1.5.1
Content-Type: multipart/alternative; boundary="------------020605060500050603020007"
Cc: websec@ietf.org, dmatson@microsoft.com
Subject: Re: [websec] Comments on draft-ietf-websec-key-pinning-06
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2013 07:01:43 -0000
Hi all, <no hat> comments inline. Best regards, Tobias On 24/06/13 09:13, Trevor Perrin wrote: > > On Sun, Jun 23, 2013 at 12:25 AM, Yoav Nir <ynir@checkpoint.com > <mailto:ynir@checkpoint.com>> wrote: > > Hi David > > As far as I know, this idea was not discussed before. If we were > to do this, the proper URI for this would be some kind of RFC 5785 > URI like "/.well-known/pins" or "/.well-known/hpkp". > > Looking at the examples in the key-pinning draft, an HPKP header > using SHA-1 takes just under 120 bytes. > > > Depends on the number of pinned keys. Chrome's existing preloads [1] > have 9, 5, 19, 36, 2, and 2 keys. That's a mean of 12, which would be > >500 bytes with SHA256. > IMHO the expected session will be 2 keys with SHA-160 to SHA-512 per host. Just for my understanding: Do you think this will create too much header overhead and there want to the reference to the pin? > > > Compared to some of the stuff that gets sent in HTTP headers (I'm > looking at you, user-agent) this is pretty tame. Moreover, the > key-pinning header does not have to be sent in every response - > it's enough to send it once per full TLS handshake. > > > I thought so too, but draft-04 and later say: > > "If the Pinned Host does not include the PKP header field, and if the > connection passed Pin Validation, UAs MUST treat the host as if it had > set its max-age to 0 (see Section 2.3.1)." > > So apparently it *does* need to be sent on every response, to maintain > the pin? Yes. That is my reading of the paragraph, too. I guess the assumption was that this shall function as a fail safe instead of actively setting it to value 0. > > > Still, I can see several merits in your proposal: > - clients that don't support key pinning need not get a header > they're not going to process > - Inserting a header only in the first response requires > information from the TLS layer, so it's easier to just insert the > header in every response. > - HTTP/2 is not yet here, let alone wide-spread. > > > Agreed it has merit, particularly if there's any possibility of future > pinning policies growing larger with other types of data (e.g. > policies for error-handling and reporting, or "pinning" to other > things like CT, DNSSEC, TACK, etc...) > > > Trevor > > > _______________________________________________ > websec mailing list > websec@ietf.org > https://www.ietf.org/mailman/listinfo/websec
- [websec] Comments on draft-ietf-websec-key-pinnin… David Matson
- Re: [websec] Comments on draft-ietf-websec-key-pi… Yoav Nir
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Tobias Gondrom
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Chris Palmer
- Re: [websec] Comments on draft-ietf-websec-key-pi… Chris Palmer
- Re: [websec] Comments on draft-ietf-websec-key-pi… Tobias Gondrom
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Tobias Gondrom
- Re: [websec] Comments on draft-ietf-websec-key-pi… Phillip Hallam-Baker
- Re: [websec] Comments on draft-ietf-websec-key-pi… Trevor Perrin
- Re: [websec] Comments on draft-ietf-websec-key-pi… Phillip Hallam-Baker