Re: [websec] Re-litigating Key-Pinning

Trevor Perrin <trevp@trevp.net> Wed, 27 August 2014 16:53 UTC

To: Barry Leiba <barryleiba@computer.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/QFbVA00tSObWicZaQ_c2gMxO-q8
Cc: "<websec@ietf.org>" <websec@ietf.org>

On Wed, Aug 27, 2014 at 7:55 AM, Barry Leiba <barryleiba@computer.org> wrote:
>
> So, let me be clear about what you (Trevor) are saying in your
> message, because I'm not sure.
>
>  - Is it that an error was made in document editing, such that
> something that you thought was decided one way made it into the
> document in a different, incorrect way?
>
>  - Or is it that you think the issue you brought up was not adequately
> considered, and editing of the document went off in the wrong
> direction because of that?
>
>  - Or is it that you think the issue you brought up was discussed, the
> working group decided otherwise, and the editing went in the direction
> of consensus that you disagree with.


I'd say the first two, not the third.  But it's hard to know what
counts as "decided" or "adequately considered".

The main discussion of this I'm aware of was:

http://www.ietf.org/mail-archive/web/websec/current/msg02034.html

Discussion was light.  One of the editors proposed not storing
PKP-RO.  I preferred either storing it or not supporting it.  Two
others were in favor of storing it.  The draft was edited seemingly
based on "storing".

I thought the edits were incomplete so pushed for more, but that may
have been misunderstood as it was edited in the other direction,
without the issue being re-discussed.

In any case, I don't think this is "re-litigating" a contentious or
resolved discussion.  It just seems like a lightly-discussed issue
with some communication breakdown between the discussion above and
editing.


Trevor



>
>  - Or is it something else?
>
> Thanks,
> Barry, Applications AD
>
> On Wed, Aug 27, 2014 at 3:36 AM, Trevor Perrin <trevp@trevp.net> wrote:
>> On Tue, Aug 26, 2014 at 10:44 PM, Yoav Nir <ynir.ietf@gmail.com> wrote:
>>> Hi folks
>>>
>>> In the last few days, we've had a bunch of threads re-opening issues with key-pinning, mostly around the PKP-RO.
>>>
>>> This document has gone through years of discussion on the mailing list, a WGLC and an IETF LC.
>>>
>>> The document is now under review by the IESG. We (the working group) and the authors need to address comments and discuss ballots by members of the IESG. This is an inappropriate time to raise new substantive issues about the document.
>>
>>
>> PKP-RO isn't a new issue.
>>
>> The initial draft of PKP-RO was claimed to "follow the same syntax and
>> semantics of the Public-Key-Pins header" [1].
>>
>> But the text was unclear.  When we discussed this in February Ryan
>> proposed to not store PKP-RO pins [2,3].  Myself, Daniel Kahn-Gillmor,
>> and Tom Ritter proposed to store them [4,5,6], and Chris added text
>> for this [7,8,9,10].
>>
>> I later discussed other cleanup of the PKP-RO text [11].  As part of
>> that Chris changed some of the wording to *not* store PKP-RO pins
>> [12].  I pointed out the discrepancy and that "I thought we decided
>> the opposite" a couple times [13,14], but there was a misunderstanding
>> and he changed things more towards *not* storing PKP-RO [15].  A
>> couple days after you declared "this working group has done as much as
>> we can", and further discussion would be "counter-productive" [16].
>>
>> But I still think storing PKP-RO would be better, and seemed to be the
>> group's preference.
>>
>>
>> Trevor
>>
>>
>> [1] http://www.ietf.org/mail-archive/web/websec/current/msg01539.html
>> [2] http://www.ietf.org/mail-archive/web/websec/current/msg02030.html
>> [3] http://www.ietf.org/mail-archive/web/websec/current/msg02037.html
>> [4] http://www.ietf.org/mail-archive/web/websec/current/msg02042.html
>> [5] http://www.ietf.org/mail-archive/web/websec/current/msg02043.html
>> [6] http://www.ietf.org/mail-archive/web/websec/current/msg02044.html
>> [7] http://www.ietf.org/mail-archive/web/websec/current/msg02051.html
>> [8] http://www.ietf.org/mail-archive/web/websec/current/msg02054.html
>> [9] http://www.ietf.org/mail-archive/web/websec/current/msg02055.html
>> [10] http://www.ietf.org/mail-archive/web/websec/current/msg02069.html
>> [11] http://www.ietf.org/mail-archive/web/websec/current/msg02075.html
>> [12] http://www.ietf.org/mail-archive/web/websec/current/msg02081.html
>> [13] http://www.ietf.org/mail-archive/web/websec/current/msg02084.html
>> [14] http://www.ietf.org/mail-archive/web/websec/current/msg02094.html
>> [15] http://www.ietf.org/mail-archive/web/websec/current/msg02097.html
>> [16] http://www.ietf.org/mail-archive/web/websec/current/msg02100.html