Re: [websec] Certificate Pinning via HSTS
Phillip Hallam-Baker <hallam@gmail.com> Tue, 13 September 2011 21:38 UTC
Return-Path: <hallam@gmail.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5433411E8113 for <websec@ietfa.amsl.com>; Tue, 13 Sep 2011 14:38:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.467
X-Spam-Level:
X-Spam-Status: No, score=-3.467 tagged_above=-999 required=5 tests=[AWL=0.131, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YnsAux4hht4B for <websec@ietfa.amsl.com>; Tue, 13 Sep 2011 14:38:17 -0700 (PDT)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by ietfa.amsl.com (Postfix) with ESMTP id F073C11E810A for <websec@ietf.org>; Tue, 13 Sep 2011 14:38:16 -0700 (PDT)
Received: by gyd12 with SMTP id 12so962257gyd.31 for <websec@ietf.org>; Tue, 13 Sep 2011 14:40:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=uM8yOwZiKSr/T17WP7sBcy11THrDNsNUK3WzkyqnAwM=; b=Z8QlGP5RP+XN+LNYT80K/1GGGvlgmFo5R5i5wwf1tPjH0eYZ6Ga5W9+Il2yImXP16j 1mYqV5CaL14l25DB2YbpF/7xrZ6QXUWH+c8dHBY/rHu+91xH3UPxjTS2nEegHpGJl3ga GQpzVMfODgkgyxfCvnYhPwFEAOJihWE0wLKrU=
MIME-Version: 1.0
Received: by 10.100.215.16 with SMTP id n16mr4181952ang.8.1315950023225; Tue, 13 Sep 2011 14:40:23 -0700 (PDT)
Received: by 10.100.120.20 with HTTP; Tue, 13 Sep 2011 14:40:23 -0700 (PDT)
In-Reply-To: <CAOuvq20UOvL3QTMMmskzPE20os_Yv57Kx_2Sntr8ap0nr+xxeQ@mail.gmail.com>
References: <CAOuvq22p2qNnXRsK=PS=mxknnq4MrCWt0Np-N8su-iHXaWHqpg@mail.gmail.com> <CA+cU71=7tM9tS6bAddiLDtOBTX_DH3cebEd5dM=1DSMKXUMdjw@mail.gmail.com> <4E6F62EE.2070409@cisco.com> <CAOuvq20UOvL3QTMMmskzPE20os_Yv57Kx_2Sntr8ap0nr+xxeQ@mail.gmail.com>
Date: Tue, 13 Sep 2011 17:40:23 -0400
Message-ID: <CAMm+Lwiv4RLMXOjA+mKzranFyrwngx6LS8BSd_jToteFbvJ7LQ@mail.gmail.com>
From: Phillip Hallam-Baker <hallam@gmail.com>
To: Chris Palmer <palmer@google.com>
Content-Type: multipart/alternative; boundary="0016368e2058ad337804acd97dce"
Cc: Chris Evans <cevans@google.com>, websec@ietf.org
Subject: Re: [websec] Certificate Pinning via HSTS
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2011 21:38:18 -0000
I think we have a potential convergence here between four sets of security policy data and four delivery mechanisms: A) Revocation information for certs/roots B) Security protocol policy 'MUST USE TLS' C) Security Trust Policy 'use only this CA' D) Reporting 1) Data baked into the browser 2) Data pushed out to the browser in a signed format out of band 3) Data acquired by the browser from HTTP headers 4) Data acquired by the browser via DNS/DNSSEC The first clearly does not scale but has huge leverage since ten domains represent the biggest targets on the net for certain typs of criminal behavior. The second does not scale either but provides us with a vital tool to use when responding to an actual in-progress attack. The third scales but only gives secure after first contact. It is difficult to see how far hardfail will be practical. The fourth scales but is dependent on deployment of infrastructure and access to that infrastructure which means that it is going to be some time before clients can hardfail if the data is not available. Having the three mechanisms using a common data format allows for an agile approach to response. For example let us imagine that paymentgate.com is attacked and a bogus cert is issued. paymentgate.com has decided that it is a likely target for attack and has implemented and published a security policy through DNS records and published it with DNSSEC. paymentgate.com is not however sufficiently prominent to be amongst 10 or so security policies that are baked into browsers. A client that has _reliable_ access to DNSSEC data will detect the bogus cert and reject it. But that is only going to be effective if the browser can hardfail if the DNSSEC data is not present. If Iran is performing a network level MITM attack you can be certain that they will strip all DNSSEC data the minute that any deployed clients start relying on it. So perversely DNSSEC only provides direct security for the people who are not likely being attacked. :-( We can however get some DNSSEC data through using other channels and so it is quite reasonable to expect that we can get a notification that the attack is in in progress by those clients reading the security policy data in the DNS and then making use of whatever reporting infrastructure we build into those clients. However we have the option of using the Langley/Kaminsky hack of pickling a chain of DNS data and putting it into another signed object. For example a certificate or an OCSP token. So when a report is received, the browser provider looks at the taget(s) of the attack and can attempt to retrieve security policy from the DNS. If there is a published policy they can decide to add paymentgate.com to the list of data driven security policy they push out. So in summary, I would like to address all four delivery mechanisms as if they are merely different delivery mechanisms for the same data types. Despite that, I would like all three mechanisms to employ the On Tue, Sep 13, 2011 at 2:11 PM, Chris Palmer <palmer@google.com> wrote: > Hi everybody, > > Thanks for your comments and questions — good ones! I'll try to > address them in the XMLified draft that I'm working on now, and which > I'll send out today. > _______________________________________________ > websec mailing list > websec@ietf.org > https://www.ietf.org/mailman/listinfo/websec > -- Website: http://hallambaker.com/
- [websec] Certificate Pinning via HSTS Chris Palmer
- Re: [websec] Certificate Pinning via HSTS Richard L. Barnes
- Re: [websec] Certificate Pinning via HSTS SM
- Re: [websec] Certificate Pinning via HSTS =JeffH
- Re: [websec] Certificate Pinning via HSTS Richard L. Barnes
- Re: [websec] Certificate Pinning via HSTS Marsh Ray
- Re: [websec] Certificate Pinning via HSTS Yoav Nir
- Re: [websec] Certificate Pinning via HSTS Adam Langley
- Re: [websec] Certificate Pinning via HSTS James Nicoll
- Re: [websec] Certificate Pinning via HSTS Adam Langley
- Re: [websec] Certificate Pinning via HSTS Tobias Gondrom
- Re: [websec] Certificate Pinning via HSTS Tom Ritter
- Re: [websec] Certificate Pinning via HSTS Daniel Kahn Gillmor
- Re: [websec] Certificate Pinning via HSTS Philip Gladstone
- Re: [websec] Certificate Pinning via HSTS Chris Palmer
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker
- Re: [websec] Certificate Pinning via HSTS Chris Palmer
- Re: [websec] Certificate Pinning via HSTS Chris Palmer
- Re: [websec] Certificate Pinning via HSTS Daniel Kahn Gillmor
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker
- Re: [websec] Certificate Pinning via HSTS Daniel Kahn Gillmor
- Re: [websec] Certificate Pinning via HSTS Daniel Kahn Gillmor
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker
- Re: [websec] Certificate Pinning via HSTS Daniel Kahn Gillmor
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker