IETF Logo Mail Archive

Re: [websec] Ted Lemon's Discuss on draft-ietf-websec-key-pinning-19: (with DISCUSS)

Ted Lemon <Ted.Lemon@nominum.com> Thu, 04 September 2014 17:27 UTC

Return-Path: <Ted.Lemon@nominum.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 348571A007D; Thu, 4 Sep 2014 10:27:42 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.568
X-Spam-Level:
X-Spam-Status: No, score=-2.568 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.668] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kH3etLRVjr_5; Thu, 4 Sep 2014 10:27:41 -0700 (PDT)
Received: from shell-too.nominum.com (shell-too.nominum.com [64.89.228.229]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6CD41A00B0; Thu, 4 Sep 2014 10:27:40 -0700 (PDT)
Received: from archivist.nominum.com (archivist.nominum.com [64.89.228.108]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.nominum.com", Issuer "Go Daddy Secure Certificate Authority - G2" (verified OK)) by shell-too.nominum.com (Postfix) with ESMTP id 7D67F1B8900; Thu, 4 Sep 2014 10:27:40 -0700 (PDT)
Received: from webmail.nominum.com (cas-01.win.nominum.com [64.89.228.131]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (Client CN "mail.nominum.com", Issuer "Go Daddy Secure Certification Authority" (verified OK)) by archivist.nominum.com (Postfix) with ESMTP id 3813653E074; Thu, 4 Sep 2014 10:27:40 -0700 (PDT)
Received: from [10.0.10.40] (71.233.43.215) by CAS-01.WIN.NOMINUM.COM (192.168.1.100) with Microsoft SMTP Server (TLS) id 14.3.195.1; Thu, 4 Sep 2014 10:27:40 -0700
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Ted Lemon <Ted.Lemon@nominum.com>
In-Reply-To: <CACvaWvap1G-Lz=JQc76PnwomSzRufuZyWR1savaCO5+69MAsbA@mail.gmail.com>
Date: Thu, 04 Sep 2014 13:27:37 -0400
Content-Transfer-Encoding: quoted-printable
Message-ID: <DD41CB1B-842B-4B69-AA42-00C790438AC3@nominum.com>
References: <20140807135751.6422.30957.idtracker@ietfa.amsl.com> <CACvaWvYTuutQGgkcZN3RraY9+UuRJ5WzBveci5oxrg=q96CdCw@mail.gmail.com> <3B6D8F39-468E-45ED-B9AD-9FCE8F2FC55A@nominum.com> <CACvaWvap1G-Lz=JQc76PnwomSzRufuZyWR1savaCO5+69MAsbA@mail.gmail.com>
To: Ryan Sleevi <sleevi@google.com>
X-Mailer: Apple Mail (2.1878.6)
X-Originating-IP: [71.233.43.215]
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/fOj838gTosSSWLSM-LC4NOeSDeg
Cc: draft-ietf-websec-key-pinning@tools.ietf.org, "<websec@ietf.org>" <websec@ietf.org>, websec-chairs@tools.ietf.org, The IESG <iesg@ietf.org>
Subject: Re: [websec] Ted Lemon's Discuss on draft-ietf-websec-key-pinning-19: (with DISCUSS)
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec/>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Sep 2014 17:27:42 -0000

Sorry for the long delay in responding to this--I needed to do some reading to figure out if I agreed with what you said.

The piece I was missing is that I didn't realize there was a process in place for requiring certificate transparency for any cert.   The plan to require certificate transparency in Chrome for Extended Validation certs sounds like a good start on making this happen, and does to some extent address my concern, although ultimately CT has to be required by the browser for _all_ certs before it really mitigates the key pinning attack I described.   But that's a path forward that I think is plausible.

So from my perspective, if the security considerations talks about the hostile pinning attack and suggests mandatory CT as a future way of addressing the problem, that would satisfy my DISCUSS.   I don't entirely agree with your observations about DNSSEC--I think I failed to effectively communicate the solution I was proposing, and so your response isn't actually addressing what I proposed.   But I don't care as long as the problem is addressed, and I do agree that once certificate transparency is mandatory, that will in fact be a better mitigation strategy than the DNSSEC-based strategy I suggested.

v2.15.0 | Report a Bug | By Email