IETF Logo Mail Archive

Re: [websec] Comments on draft-ietf-websec-key-pinning-06

Tobias Gondrom <tobias.gondrom@gondrom.org> Mon, 24 June 2013 07:01 UTC

Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF23B21F9ABE for <websec@ietfa.amsl.com>; Mon, 24 Jun 2013 00:01:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -95.362
X-Spam-Level:
X-Spam-Status: No, score=-95.362 tagged_above=-999 required=5 tests=[AWL=-0.001, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SHqpNR0jQffk for <websec@ietfa.amsl.com>; Mon, 24 Jun 2013 00:01:38 -0700 (PDT)
Received: from lvps176-28-13-69.dedicated.hosteurope.de (lvps176-28-13-69.dedicated.hosteurope.de [176.28.13.69]) by ietfa.amsl.com (Postfix) with ESMTP id BDC2F21F9A6A for <websec@ietf.org>; Mon, 24 Jun 2013 00:01:37 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=aB9E1NcW1AJr9i4gcZUULXrPNxXj2GqQfiu/JJsf9b23CKi80qMamoTyk4Vv9GVpCZRcq/rCqm+mU+V5NBqTjuQxrJRTAzHva+JtAgrr6kcOLrFpBO9liG2mTmAKzLh0; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:X-Enigmail-Version:Content-Type;
Received: (qmail 7324 invoked from network); 24 Jun 2013 09:01:31 +0200
Received: from 188.82.247.60.static.bjtelecom.net (HELO ?172.31.8.30?) (60.247.82.188) by lvps176-28-13-69.dedicated.hosteurope.de with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 24 Jun 2013 09:01:31 +0200
Message-ID: <51C7EECC.3020108@gondrom.org>
Date: Mon, 24 Jun 2013 15:01:32 +0800
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130510 Thunderbird/17.0.6
MIME-Version: 1.0
To: trevp@trevp.net
References: <8c03997da80b4e8da7100491011b8c12@BN1PR03MB039.namprd03.prod.outlook.com> <6F2FE5F2-D02C-4B09-A6CA-7C3B63722E34@checkpoint.com> <CAGZ8ZG32cRRU3rQ31cN0ZB78_Oxn7E4LpyTpYi0bT59jhzNuiw@mail.gmail.com>
In-Reply-To: <CAGZ8ZG32cRRU3rQ31cN0ZB78_Oxn7E4LpyTpYi0bT59jhzNuiw@mail.gmail.com>
X-Enigmail-Version: 1.5.1
Content-Type: multipart/alternative; boundary="------------020605060500050603020007"
Cc: websec@ietf.org, dmatson@microsoft.com
Subject: Re: [websec] Comments on draft-ietf-websec-key-pinning-06
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Jun 2013 07:01:43 -0000

Hi all,

<no hat>
comments inline.
Best regards, Tobias


On 24/06/13 09:13, Trevor Perrin wrote:
>
> On Sun, Jun 23, 2013 at 12:25 AM, Yoav Nir <ynir@checkpoint.com
> <mailto:ynir@checkpoint.com>> wrote:
>
>     Hi David
>
>     As far as I know, this idea was not discussed before. If we were
>     to do this, the proper URI for this would be some kind of RFC 5785
>     URI like "/.well-known/pins" or "/.well-known/hpkp".
>
>     Looking at the examples in the key-pinning draft, an HPKP header
>     using SHA-1 takes just under 120 bytes.
>
>
> Depends on the number of pinned keys.  Chrome's existing preloads [1]
> have 9, 5, 19, 36, 2, and 2 keys.  That's a mean of 12, which would be
> >500 bytes with SHA256.
>

IMHO the expected session will be 2 keys with SHA-160 to SHA-512 per host.
Just for my understanding: Do you think this will create too much header
overhead and there want to the reference to the pin?

>  
>
>     Compared to some of the stuff that gets sent in HTTP headers (I'm
>     looking at you, user-agent) this is pretty tame. Moreover, the
>     key-pinning header does not have to be sent in every response -
>     it's enough to send it once per full TLS handshake.
>
>
> I thought so too, but draft-04 and later say:
>
> "If the Pinned Host does not include the PKP header field, and if the
> connection passed Pin Validation, UAs MUST treat the host as if it had
> set its max-age to 0 (see Section 2.3.1)."
>
> So apparently it *does* need to be sent on every response, to maintain
> the pin?

Yes. That is my reading of the paragraph, too. I guess the assumption
was that this shall function as a fail safe instead of actively setting
it to value 0.

>
>
>     Still, I can see several merits in your proposal:
>      - clients that don't support key pinning need not get a header
>     they're not going to process
>      - Inserting a header only in the first response requires
>     information from the TLS layer, so it's easier to just insert the
>     header in every response.
>      - HTTP/2 is not yet here, let alone wide-spread.
>
>
> Agreed it has merit, particularly if there's any possibility of future
> pinning policies growing larger with other types of data (e.g.
> policies for error-handling and reporting, or "pinning" to other
> things like CT, DNSSEC, TACK, etc...)
>
>
> Trevor
>
>
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec

v2.23.0 | Report a Bug | By Email