Re: [websec] Certificate Pinning via HSTS
Tom Ritter <tom@ritter.vg> Tue, 13 September 2011 12:08 UTC
Return-Path: <tom@ritter.vg>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 66DA621F8A4B for <websec@ietfa.amsl.com>; Tue, 13 Sep 2011 05:08:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.976
X-Spam-Level:
X-Spam-Status: No, score=-2.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iiAl6FdbSNu1 for <websec@ietfa.amsl.com>; Tue, 13 Sep 2011 05:08:54 -0700 (PDT)
Received: from mail-gw0-f54.google.com (mail-gw0-f54.google.com [74.125.83.54]) by ietfa.amsl.com (Postfix) with ESMTP id 033AB21F8A4E for <websec@ietf.org>; Tue, 13 Sep 2011 05:08:53 -0700 (PDT)
Received: by gwj18 with SMTP id 18so555225gwj.27 for <websec@ietf.org>; Tue, 13 Sep 2011 05:10:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; bh=wYvpUhBYW7vKDcOe5uqtkAakc8fphTLK00gOJx/k5X8=; b=TcBTpIvp+Nk5K62TivVLOsP72raWBgixpkyy34E5oGmfAQwCz1dfzm7LZE5jw7TeW+ 7t/3PRMZiLoV5fDWxjliPMl3LTd9uIDpsp25S7AwTvs7ytshdbWv1ogciuTRF3VMA031 gR4a/AVnM6V0SON/inkiD8reelvzyAYN5g00I=
Received: by 10.68.59.170 with SMTP id a10mr1399707pbr.345.1315915859143; Tue, 13 Sep 2011 05:10:59 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.142.48.13 with HTTP; Tue, 13 Sep 2011 05:10:39 -0700 (PDT)
In-Reply-To: <CAOuvq22p2qNnXRsK=PS=mxknnq4MrCWt0Np-N8su-iHXaWHqpg@mail.gmail.com>
References: <CAOuvq22p2qNnXRsK=PS=mxknnq4MrCWt0Np-N8su-iHXaWHqpg@mail.gmail.com>
From: Tom Ritter <tom@ritter.vg>
Date: Tue, 13 Sep 2011 08:10:39 -0400
Message-ID: <CA+cU71=7tM9tS6bAddiLDtOBTX_DH3cebEd5dM=1DSMKXUMdjw@mail.gmail.com>
To: Chris Palmer <palmer@google.com>, websec@ietf.org, Chris Evans <cevans@google.com>
Content-Type: multipart/alternative; boundary="bcaec531474b56ac8404acd18970"
Subject: Re: [websec] Certificate Pinning via HSTS
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2011 12:08:58 -0000
I echo Marsh's question. Does a x509 Key Fingerprint include basicConstraints? I couldn't imagine a scenario where an attacker could get his own cert signed by a leaf cert of a website - but I also couldn't imagine New York getting hit by an earthquake ;) Other observations: I find the Revocation section very confusingly written. > "In the event of a mismatch, clients must check whatever revocation mechanism is available and attempt to discover whether the certificate with the mismatching fingerprint has been revoked." What is the definition of mismatch? I interpreted it as no cert in the chain contains a fingerprint which matches one of the fingerprints in the pin list (supplied via prior pinned directive, or preloaded list). Therefore all certificates in the chain supplied by the site are mismatching. But seeing if they are revoked is useless, I want to check the pinned list to see if any in the pin list is revoked, so I can reevaluate the pinned list and possibly downgrade the site to 'Known HSTS Host'. But the pin list only contains fingerprints - how do I check if a cert is revoked by fingerprint? The "Interactions With Built-in HSTS Lists" section is does not cover UA updates. Should a UA update with new pin information overwrite pin information previously validly supplied by a site? Finally, I'm of the opinion that all SSL Certificate information should be exposed as javascript properties by browser. That's a bit out of scope, so I'll dial it back and say while we're working on HSTS, HSTS information should be exposed as a read-only javascript property. It doesn't need to be structured, the entire contents of the header is sufficient, similar to document.cookie. This would allow at least two more (optional) defensive practices: 1) Plugin/Extension/Greasemonkey authors could produce something like HTTPSEverywhere or NoScript that could preload pins in a method similar to preloaded pins in a UA. If a site sent a pin list that didn't match the preloaded pin list, the extension could show a warning, error, or some alert. Although similar to preloaded pins, this would not require a UA to do work, nor would it require a UA to supply a user interface to bulk-load pins. 2) Site authors could include checks in javascript to check their pinned list. While this *is* an arms race, and any javascript that is already being middled by an attacker *could* be rewritten - in practice, javascript can be sufficently obfuscated to raise the barrier to exploitation (see gmail's javascript for example). -tom
- [websec] Certificate Pinning via HSTS Chris Palmer
- Re: [websec] Certificate Pinning via HSTS Richard L. Barnes
- Re: [websec] Certificate Pinning via HSTS SM
- Re: [websec] Certificate Pinning via HSTS =JeffH
- Re: [websec] Certificate Pinning via HSTS Richard L. Barnes
- Re: [websec] Certificate Pinning via HSTS Marsh Ray
- Re: [websec] Certificate Pinning via HSTS Yoav Nir
- Re: [websec] Certificate Pinning via HSTS Adam Langley
- Re: [websec] Certificate Pinning via HSTS James Nicoll
- Re: [websec] Certificate Pinning via HSTS Adam Langley
- Re: [websec] Certificate Pinning via HSTS Tobias Gondrom
- Re: [websec] Certificate Pinning via HSTS Tom Ritter
- Re: [websec] Certificate Pinning via HSTS Daniel Kahn Gillmor
- Re: [websec] Certificate Pinning via HSTS Philip Gladstone
- Re: [websec] Certificate Pinning via HSTS Chris Palmer
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker
- Re: [websec] Certificate Pinning via HSTS Chris Palmer
- Re: [websec] Certificate Pinning via HSTS Chris Palmer
- Re: [websec] Certificate Pinning via HSTS Daniel Kahn Gillmor
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker
- Re: [websec] Certificate Pinning via HSTS Daniel Kahn Gillmor
- Re: [websec] Certificate Pinning via HSTS Daniel Kahn Gillmor
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker
- Re: [websec] Certificate Pinning via HSTS Daniel Kahn Gillmor
- Re: [websec] Certificate Pinning via HSTS Phillip Hallam-Baker