Re: [websec] #58: Should we pin only SPKI, or also names
Trevor Perrin <trevp@trevp.net> Wed, 07 August 2013 09:28 UTC
Return-Path: <trevp@trevp.net>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66B8811E8103 for <websec@ietfa.amsl.com>; Wed, 7 Aug 2013 02:28:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WTnHfXRd9gN7 for <websec@ietfa.amsl.com>; Wed, 7 Aug 2013 02:28:40 -0700 (PDT)
Received: from mail-we0-f181.google.com (mail-we0-f181.google.com [74.125.82.181]) by ietfa.amsl.com (Postfix) with ESMTP id DF31E11E80E6 for <websec@ietf.org>; Wed, 7 Aug 2013 02:28:39 -0700 (PDT)
Received: by mail-we0-f181.google.com with SMTP id p58so1277388wes.26 for <websec@ietf.org>; Wed, 07 Aug 2013 02:28:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=gesWHJT8FmOPPcydLDGxeKM7xqgj8PBZDUEzCyq4QNQ=; b=aGNiAn6VaI/up2CHG3FmWpVaPXPxk6z2y/TNVEjmTNJptswuO6MoctzbbKVoAmFGoz 7QvCAZ+Y7z5ShMrqYn5gRz7s6REQ6dRt8FSBuRlwlBkOPiWaI8awyBIWq7BFl98uCGKM 4sM5zpG3F9npQq87ZV8X6k4Ab/l6mMLN4/BpFSMvKGCg0YuYYZu++GtgDvQ4913BSIH8 QDUdmtiDycYBDXq9vN7U85mYIrpY7dPI4H+78qoB8rDOyCM5Iz/NXmo8C/5onqgWW1tU ZScIzh7jb44B2jTd6xW/c2V0JLDA/NbzG3b5wk8pYfNKK8+hVzUH5pX/urmZ782NHONP M66A==
X-Gm-Message-State: ALoCoQm+Zycsb47/NYpVxnXBvn/rMK4d/AqeCm5ghvhhgvGKwABk6sFwiyEXhf5t22NWKsvKcIb7
MIME-Version: 1.0
X-Received: by 10.194.190.201 with SMTP id gs9mr1632792wjc.82.1375867718848; Wed, 07 Aug 2013 02:28:38 -0700 (PDT)
Received: by 10.216.212.9 with HTTP; Wed, 7 Aug 2013 02:28:38 -0700 (PDT)
X-Originating-IP: [24.234.64.225]
In-Reply-To: <2035FF99-A079-4F2F-B4DE-962FE1C1B964@checkpoint.com>
References: <060.be9b0009dc0350ca543f553042673944@trac.tools.ietf.org> <073501ce8c6e$f6c17d90$e44478b0$@digicert.com> <CAMm+LwjdGJC4FHCJ_OAYGRqCGGc0Nz1pLV=yVGK9M9E7drfujQ@mail.gmail.com> <CAOuvq200e9HnPX1w9sZ+e7ipBmdgZdPL5xzKDgcaDpSxz1N=gg@mail.gmail.com> <CAMm+Lwh384YBMXw-BDoxJw+AN4qv8x6GQpF9YK4PW1gQRnadpg@mail.gmail.com> <6125A841-6C85-4858-B37F-C021067F0CFA@checkpoint.com> <2035FF99-A079-4F2F-B4DE-962FE1C1B964@checkpoint.com>
Date: Wed, 07 Aug 2013 02:28:38 -0700
Message-ID: <CAGZ8ZG2Ex9Cvft38zSQX5Hcu3hU40HOjpAM+9fCG=JgBJM55Qg@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Yoav Nir <ynir@checkpoint.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: websec <websec@ietf.org>
Subject: Re: [websec] #58: Should we pin only SPKI, or also names
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2013 09:28:45 -0000
On Tue, Aug 6, 2013 at 11:19 PM, Yoav Nir <ynir@checkpoint.com> wrote: > > So far, only Phil and Jeremy have been in favor of making this change. I'm in favor. This is relevant to the .well-known URI vs HTTP Header discussion. Pinning CA names would reduce HPKP size, making frequent sending of headers more palatable. More importantly, maintaining a list of key hashes for a set of CAs is a complex undertaking. I think many potential adopters will be scared away, or will do it incorrectly (pinning keys they shouldn't, omitting keys they should, not keeping the list current, and so on). Consider that Google has offered preloaded key pins in Chrome since May 2011 [1]. Since then it looks like ~100 organizations (apart from Google) have signed up for preloaded HSTS. Only 3 have signed up for preloaded key pins. That suggests we need to do more to make pinning attractive. Of those 3, one is a major website with a number of subdomains and some content served over CDN. It's pinning two sets of keys, one with 36 keys, one with 19. The WG seems eager to dismiss this as a zany "outlier" case. I think that's a cavalier attitude towards one of the best data points we have. It's entirely possible that many websites would have to construct lists of similar size and complexity (or worse). -- Finally, let's look into our hearts. Imagine you had to construct an HPKP header that includes a few popular CAs (Symantec, Comodo, and GoDaddy, for instance). You of course want to exclude irrelevant roots (like code-signing). And revoked, expired, or soon-to-be-expired roots. And cryptographically weak roots (e.g. 1024-bit RSA). And you'd need to include enough root or intermediate keys to cover all cert paths all browsers might construct for all certs these businesses might issue to you over the pin timeframe. (Taking into account the vagaries of root ownership, cross-certification, AIA chasing, etc.) And once you've figured that out, you've got to track it over time. Keys could get revoked, expire, change hands, acquire or issue new certificates, and get added or removed from root stores. To me, this sounds difficult even for web PKI experts, and close to unmanageable for anyone who isn't. -- Anyways, I hope HPKP can offer websites a safe and easy route to declaring CA pins. I think that means improving usability. If people think I'm wildly exaggerating the usability issues, or have other proposals / explanations of how to solve them, I'd like to hear that... Trevor [1] https://www.imperialviolet.org/2011/05/04/pinning.html
- [websec] #58: Should we pin only SPKI, or also na… websec issue tracker
- Re: [websec] #58: Should we pin only SPKI, or als… Jeremy Rowley
- Re: [websec] #58: Should we pin only SPKI, or als… Phillip Hallam-Baker
- Re: [websec] #58: Should we pin only SPKI, or als… Chris Palmer
- Re: [websec] #58: Should we pin only SPKI, or als… Phillip Hallam-Baker
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Gervase Markham
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Gervase Markham
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Gervase Markham
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Gervase Markham
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Gervase Markham
- Re: [websec] #58: Should we pin only SPKI, or als… Jeremy Rowley
- Re: [websec] #58: Should we pin only SPKI, or als… Gervase Markham
- Re: [websec] #58: Should we pin only SPKI, or als… Jeremy Rowley
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Tobias Gondrom
- Re: [websec] #58: Should we pin only SPKI, or als… Chris Palmer
- Re: [websec] #58: Should we pin only SPKI, or als… Chris Palmer
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Chris Palmer
- Re: [websec] #58: Should we pin only SPKI, or als… Chris Palmer
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Tobias Gondrom
- Re: [websec] #58: Should we pin only SPKI, or als… Gervase Markham
- Re: [websec] #58: Should we pin only SPKI, or als… Phillip Hallam-Baker
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Tobias Gondrom
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Tobias Gondrom
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Gervase Markham
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Gervase Markham
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Jeremy Rowley
- Re: [websec] #58: Should we pin only SPKI, or als… Jeremy Rowley
- Re: [websec] #58: Should we pin only SPKI, or als… Rob Stradling
- Re: [websec] #58: Should we pin only SPKI, or als… Ryan Sleevi
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Jeremy Rowley
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Gervase Markham
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Gervase Markham
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Gervase Markham
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Trevor Perrin
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Tobias Gondrom
- Re: [websec] #58: Should we pin only SPKI, or als… Yoav Nir
- Re: [websec] #58: Should we pin only SPKI, or als… Ryan Sleevi
- Re: [websec] #58: Should we pin only SPKI, or als… websec issue tracker