IETF Logo Mail Archive

Re: [websec] #58: Should we pin only SPKI, or also names

Trevor Perrin <trevp@trevp.net> Wed, 07 August 2013 09:28 UTC

Return-Path: <trevp@trevp.net>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66B8811E8103 for <websec@ietfa.amsl.com>; Wed, 7 Aug 2013 02:28:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WTnHfXRd9gN7 for <websec@ietfa.amsl.com>; Wed, 7 Aug 2013 02:28:40 -0700 (PDT)
Received: from mail-we0-f181.google.com (mail-we0-f181.google.com [74.125.82.181]) by ietfa.amsl.com (Postfix) with ESMTP id DF31E11E80E6 for <websec@ietf.org>; Wed, 7 Aug 2013 02:28:39 -0700 (PDT)
Received: by mail-we0-f181.google.com with SMTP id p58so1277388wes.26 for <websec@ietf.org>; Wed, 07 Aug 2013 02:28:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=gesWHJT8FmOPPcydLDGxeKM7xqgj8PBZDUEzCyq4QNQ=; b=aGNiAn6VaI/up2CHG3FmWpVaPXPxk6z2y/TNVEjmTNJptswuO6MoctzbbKVoAmFGoz 7QvCAZ+Y7z5ShMrqYn5gRz7s6REQ6dRt8FSBuRlwlBkOPiWaI8awyBIWq7BFl98uCGKM 4sM5zpG3F9npQq87ZV8X6k4Ab/l6mMLN4/BpFSMvKGCg0YuYYZu++GtgDvQ4913BSIH8 QDUdmtiDycYBDXq9vN7U85mYIrpY7dPI4H+78qoB8rDOyCM5Iz/NXmo8C/5onqgWW1tU ZScIzh7jb44B2jTd6xW/c2V0JLDA/NbzG3b5wk8pYfNKK8+hVzUH5pX/urmZ782NHONP M66A==
X-Gm-Message-State: ALoCoQm+Zycsb47/NYpVxnXBvn/rMK4d/AqeCm5ghvhhgvGKwABk6sFwiyEXhf5t22NWKsvKcIb7
MIME-Version: 1.0
X-Received: by 10.194.190.201 with SMTP id gs9mr1632792wjc.82.1375867718848; Wed, 07 Aug 2013 02:28:38 -0700 (PDT)
Received: by 10.216.212.9 with HTTP; Wed, 7 Aug 2013 02:28:38 -0700 (PDT)
X-Originating-IP: [24.234.64.225]
In-Reply-To: <2035FF99-A079-4F2F-B4DE-962FE1C1B964@checkpoint.com>
References: <060.be9b0009dc0350ca543f553042673944@trac.tools.ietf.org> <073501ce8c6e$f6c17d90$e44478b0$@digicert.com> <CAMm+LwjdGJC4FHCJ_OAYGRqCGGc0Nz1pLV=yVGK9M9E7drfujQ@mail.gmail.com> <CAOuvq200e9HnPX1w9sZ+e7ipBmdgZdPL5xzKDgcaDpSxz1N=gg@mail.gmail.com> <CAMm+Lwh384YBMXw-BDoxJw+AN4qv8x6GQpF9YK4PW1gQRnadpg@mail.gmail.com> <6125A841-6C85-4858-B37F-C021067F0CFA@checkpoint.com> <2035FF99-A079-4F2F-B4DE-962FE1C1B964@checkpoint.com>
Date: Wed, 07 Aug 2013 02:28:38 -0700
Message-ID: <CAGZ8ZG2Ex9Cvft38zSQX5Hcu3hU40HOjpAM+9fCG=JgBJM55Qg@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Yoav Nir <ynir@checkpoint.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: websec <websec@ietf.org>
Subject: Re: [websec] #58: Should we pin only SPKI, or also names
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2013 09:28:45 -0000

On Tue, Aug 6, 2013 at 11:19 PM, Yoav Nir <ynir@checkpoint.com> wrote:
>
> So far, only Phil and Jeremy have been in favor of making this change.

I'm in favor.

This is relevant to the .well-known URI vs HTTP Header discussion.
Pinning CA names would reduce HPKP size, making frequent sending of
headers more palatable.

More importantly, maintaining a list of key hashes for a set of CAs is
a complex undertaking.  I think many potential adopters will be scared
away, or will do it incorrectly (pinning keys they shouldn't, omitting
keys they should, not keeping the list current, and so on).

Consider that Google has offered preloaded key pins in Chrome since
May 2011 [1].  Since then it looks like ~100 organizations (apart from
Google) have signed up for preloaded HSTS.  Only 3 have signed up for
preloaded key pins.  That suggests we need to do more to make pinning
attractive.

Of those 3, one is a major website with a number of subdomains and
some content served over CDN.  It's pinning two sets of keys, one with
36 keys, one with 19.  The WG seems eager to dismiss this as a zany
"outlier" case.  I think that's a cavalier attitude towards one of the
best data points we have.  It's entirely possible that many websites
would have to construct lists of similar size and complexity (or
worse).

--

Finally, let's look into our hearts.  Imagine you had to construct an
HPKP header that includes a few popular CAs (Symantec, Comodo, and
GoDaddy, for instance).

You of course want to exclude irrelevant roots (like code-signing).
And revoked, expired, or soon-to-be-expired roots.  And
cryptographically weak roots (e.g. 1024-bit RSA).  And you'd need to
include enough root or intermediate keys to cover all cert paths all
browsers might construct for all certs these businesses might issue to
you over the pin timeframe.  (Taking into account the vagaries of root
ownership, cross-certification, AIA chasing, etc.)

And once you've figured that out, you've got to track it over time.
Keys could get revoked, expire, change hands, acquire or issue new
certificates, and get added or removed from root stores.

To me, this sounds difficult even for web PKI experts, and close to
unmanageable for anyone who isn't.

--

Anyways, I hope HPKP can offer websites a safe and easy route to
declaring CA pins.  I think that means improving usability.

If people think I'm wildly exaggerating the usability issues, or have
other proposals / explanations of how to solve them, I'd like to hear
that...


Trevor


[1] https://www.imperialviolet.org/2011/05/04/pinning.html

v2.23.0 | Report a Bug | By Email