IETF Logo Mail Archive

Re: [websec] #58: Should we pin only SPKI, or also names

Tobias Gondrom <tobias.gondrom@gondrom.org> Sun, 11 August 2013 18:09 UTC

Return-Path: <tobias.gondrom@gondrom.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 60E4121E805F for <websec@ietfa.amsl.com>; Sun, 11 Aug 2013 11:09:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -95.361
X-Spam-Level:
X-Spam-Status: No, score=-95.361 tagged_above=-999 required=5 tests=[AWL=-0.000, BAYES_00=-2.599, FH_HELO_EQ_D_D_D_D=1.597, FH_HOST_EQ_D_D_D_D=0.765, FM_DDDD_TIMES_2=1.999, HELO_DYNAMIC_IPADDR=2.426, HELO_EQ_DE=0.35, HTML_MESSAGE=0.001, RDNS_DYNAMIC=0.1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zGGeiPr89lUm for <websec@ietfa.amsl.com>; Sun, 11 Aug 2013 11:09:40 -0700 (PDT)
Received: from lvps176-28-13-69.dedicated.hosteurope.de (lvps176-28-13-69.dedicated.hosteurope.de [176.28.13.69]) by ietfa.amsl.com (Postfix) with ESMTP id 9368121F9425 for <websec@ietf.org>; Sun, 11 Aug 2013 11:02:02 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=gondrom.org; b=haqNioFVDVPFRwpjAbc0FWKO1Rp3Kykm+dlefw9n/CmyjLkXeY5Ub8gqIsqtDUe0yGST7wsH+Ed22cL+RHpmxnC8DaG+/5uEDayRc1oCxD3cYByDnN41BGTY/DVS1HRD; h=Received:Received:Message-ID:Date:From:User-Agent:MIME-Version:To:CC:Subject:References:In-Reply-To:X-Enigmail-Version:Content-Type;
Received: (qmail 9759 invoked from network); 11 Aug 2013 20:02:01 +0200
Received: from 188-222-103-191.zone13.bethere.co.uk (HELO ?192.168.1.64?) (188.222.103.191) by lvps176-28-13-69.dedicated.hosteurope.de with ESMTPSA (DHE-RSA-AES256-SHA encrypted, authenticated); 11 Aug 2013 20:02:01 +0200
Message-ID: <5207D199.9000207@gondrom.org>
Date: Sun, 11 Aug 2013 19:02:01 +0100
From: Tobias Gondrom <tobias.gondrom@gondrom.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130804 Thunderbird/17.0.8
MIME-Version: 1.0
To: trevp@trevp.net
References: <060.be9b0009dc0350ca543f553042673944@trac.tools.ietf.org> <073501ce8c6e$f6c17d90$e44478b0$@digicert.com> <CAMm+LwjdGJC4FHCJ_OAYGRqCGGc0Nz1pLV=yVGK9M9E7drfujQ@mail.gmail.com> <CAOuvq200e9HnPX1w9sZ+e7ipBmdgZdPL5xzKDgcaDpSxz1N=gg@mail.gmail.com> <CAMm+Lwh384YBMXw-BDoxJw+AN4qv8x6GQpF9YK4PW1gQRnadpg@mail.gmail.com> <6125A841-6C85-4858-B37F-C021067F0CFA@checkpoint.com> <2035FF99-A079-4F2F-B4DE-962FE1C1B964@checkpoint.com> <CAOuvq20O9bqHGR-5eKPmasNnWEuNW7ACL7PxM09yoTmmyt1UUg@mail.gmail.com> <CAGZ8ZG2C4uB=4vgH325TWeNW89ne4E_DN0j9ZV0t2AKa1o+x9g@mail.gmail.com> <520776C0.9080202@gondrom.org> <CAGZ8ZG1s2gCUZiYaj4q=+S_9M8apRPPura5YU_n8aiW9QcoQZQ@mail.gmail.com>
In-Reply-To: <CAGZ8ZG1s2gCUZiYaj4q=+S_9M8apRPPura5YU_n8aiW9QcoQZQ@mail.gmail.com>
X-Enigmail-Version: 1.5.2
Content-Type: multipart/alternative; boundary="------------050502030708070106000801"
Cc: websec@ietf.org
Subject: Re: [websec] #58: Should we pin only SPKI, or also names
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Aug 2013 18:09:45 -0000

On 11/08/13 16:54, Trevor Perrin wrote:
> On Sun, Aug 11, 2013 at 4:34 AM, Tobias Gondrom
> <tobias.gondrom@gondrom.org> wrote:
>> Hi all,
>>
>> <no hats>
>>
>> A small question about pinning to names and uniqueness of "pinned names":
>> Under which conditions could the following attack scenario be a problem
>> and what would we do about it?
>>
>> Domain A has bought a cert from CA-11 with the name "super safe" and
>> pins to the name instead of the cert.
>> CA-11 could be an intermediate for CA-1 with the name "uber super safe".
>> Which names could we pin to?
>> - the intermediate CA-1 and/or CA-11?
>>
>> Now wondering whether the following is a problem:
>> attacker gains control over CA-2 (either through an attack or through
>> government influence) and issues a certificate for an intermediate
>> CA-11' with the name "super safe".
>
> Yes, that's a problem.  Gerv also brought up the "DigiCert" name collision.
>
> So using names as a "layer of indirection" to point to a set of
> CA-declared keys seems better than trying to pin to names as they
> appear in certs.
>
>
> Trevor

Thank you for the clarification.
In that case I would prefer not to pin to names. As the above scenario
is exactly the one we wanted to avoid in the first place.
We need to allow a domain to link to one specific cert or a specific set
of certs (like from one specified CA), and by this avoid that they are
exposed to risks by a breach of any other CA.

If we really need a to pin to a group of certs, maybe one other idea
might be to allow to pin to a top-node of a CA directly (but not
intermediaries as we would have the same attack scenario with them, too.)

Best regards, Tobias

v2.23.0 | Report a Bug | By Email