Re: [websec] HPKP: The strict directive and TLS proxies
Chris Palmer <palmer@google.com> Tue, 26 November 2013 03:41 UTC
Return-Path: <palmer@google.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCAB41ADFC6 for <websec@ietfa.amsl.com>; Mon, 25 Nov 2013 19:41:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.38
X-Spam-Level:
X-Spam-Status: No, score=-1.38 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FM_FORGED_GMAIL=0.622, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ADEMN8sq9mbl for <websec@ietfa.amsl.com>; Mon, 25 Nov 2013 19:41:03 -0800 (PST)
Received: from mail-ie0-x235.google.com (mail-ie0-x235.google.com [IPv6:2607:f8b0:4001:c03::235]) by ietfa.amsl.com (Postfix) with ESMTP id 2EBD61ADFC3 for <websec@ietf.org>; Mon, 25 Nov 2013 19:41:02 -0800 (PST)
Received: by mail-ie0-f181.google.com with SMTP id e14so8123678iej.40 for <websec@ietf.org>; Mon, 25 Nov 2013 19:41:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=/TK/VWh+PgMtMcdDO9VfuM045FwpQDDG8bcKL4Xw4w4=; b=S6EEMGX5jALlAahSm8EuGocYajWisfTbpduqALjgvplKBq+Fzj6kmlJpxqxrGnYHO5 vnEl5oG0Htr7nSeF4ZtU1NkjVhXojrUvzffZE67bWK9a2Phq52BqUBa7opzLiIO8uYSy HH2WHrPDJt/MhMakDq/lnDUfOLkflrNXEt6hXPm5sr1jYegtDGPf7/4ch/HDzITydmWG qe//jM53jCHFLaV5fFqfByLg2cQqkGEBTMVG/sQmpWEU8uzdrKK8XRY7HTmL5ME6aFzG tmfjZLGB3i6KWwQUJsUjYnotp0il+pWxSX7rztj6H6tthL5l9Wb39NjuGvR4c27j17J/ 5v2w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=/TK/VWh+PgMtMcdDO9VfuM045FwpQDDG8bcKL4Xw4w4=; b=mM+gpZVf0M5Je7fsSyb94hd/u7E2KLEgHpEzLEuelqKRGeQ3mfvc/F9l1i2S/nUtEh eUBKVrRKWw9FKwo3JgbFX8awnykAc5LoK2wPJjEiL6ZlJGS9/3qwxdbVEniH+50THwzH GrPQIgbThPtxzuD+z5de+GJu0/7pjAre5OYQAP6+qXzdqn85/Xh3IrPcgrT4bfdsggZ+ KfrSQVqMle1AKmdV/5yX/G00WF2sGSs/m8dAWEOIatoBN+dVGs9zHLbnQv2rN/PoLcoC rYuB5s5c4AkhGxZJCMeLYJqBuA+q4Bvr9W7TqMtSOKwCm3NfazHwHvPbb11iPoBa6t/+ MT1A==
X-Gm-Message-State: ALoCoQntY/es0GkKK1C1+t6CEgLayuPfcwaGt5xNNDpGPlMHXAX5SIdi44xX4q9xeM/3FJ06ke/RIMIi7Lsaev8UgOi3PEpE6Wdj+HosGKtL4xnZf5+PafFoZofZX9uV+3SWZeNByqnf/iXEmUbY943BAFgWa0qCRe3rz3Aq06Y8672xfupG1q4yppIGl5pwo/7AA1XRC/Nm
MIME-Version: 1.0
X-Received: by 10.50.16.45 with SMTP id c13mr15131008igd.55.1385437262666; Mon, 25 Nov 2013 19:41:02 -0800 (PST)
Received: by 10.64.81.70 with HTTP; Mon, 25 Nov 2013 19:41:02 -0800 (PST)
In-Reply-To: <BLU0-SMTP1502D31ECD1444DD25AF018B1E60@phx.gbl>
References: <47CAE73E-1D48-42CF-8D75-3B9A50C286FD@checkpoint.com> <D8A135CD-E9CD-4483-A624-3D39D76E0D91@checkpoint.com> <8eea8853462937ad59b0619cca9c4953.squirrel@webmail.dreamhost.com> <BLU0-SMTP1502D31ECD1444DD25AF018B1E60@phx.gbl>
Date: Mon, 25 Nov 2013 19:41:02 -0800
Message-ID: <CAOuvq22aMYifxq1twm80tY5MPEz5GqekVFf-2S9cNeouPF-n5g@mail.gmail.com>
From: Chris Palmer <palmer@google.com>
To: Yoav Nir <synp71@live.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] HPKP: The strict directive and TLS proxies
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec/>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Nov 2013 03:41:05 -0000
On Wed, Nov 20, 2013 at 1:36 PM, Yoav Nir <synp71@live.com> wrote: >> As I recall (perhaps incorrectly), our takeaway from IETF 86 was the >> removal of the 'strict' directive, since the notion of having a remote >> server provide a directive to override local policy is just escalating a >> policy arms race. > > That was issue #53. It was closed, and there was no consensus to remove > 'strict'. The only things missing from the draft is the closing of #57-#60. Issue 53 (http://tools.ietf.org/wg/websec/trac/ticket/53) was not quite about the policy arms race. The policy arms race between public web site www.example.com and a given client's filtering TLS proxy is over: if the client legitimately trusts the TLS proxy (e.g. the TLS proxy's trust anchor is installed in the client's trust anchor store), then www.example.com cannot enforce its policy on the client; in effect, the proxy is the true client. On the other hand, if the client does *not* trust the TLS proxy, then the proxy will be "caught" either by pinning or by the usual "The server presented a certificate your operating system does not trust" warning screen. So I don't think it is possible or sane to promise to site operators that they can deny MITM powers to MITMs that the client trusts. As I (think we) intended it, strict was to mean "bypass the local policy of not applying pinning to chains that chain to local trust anchors" — i.e. as a way of allowing sites that install their own trust anchors on machines to also pin the keys of the servers that the local trust anchor signs. This would be for enterprises that want to have their own PKI and also strictly enforce it (to ensure that, e.g., internal.example.com never chains to a public anchor). The utility of this is debatable (but, I would argue, more than 0... potentially). There is a new draft -09 in our Git repo at https://code.google.com/p/key-pinning-draft/source/browse/draft-ietf-websec-key-pinning.xml. Any thoughts before I actually put it in the IETF tracker as the real -09?
- [websec] HPKP: The strict directive and TLS proxi… Yoav Nir
- Re: [websec] HPKP: The strict directive and TLS p… Tom Ritter
- Re: [websec] HPKP: The strict directive and TLS p… Yoav Nir
- Re: [websec] HPKP: The strict directive and TLS p… Tom Ritter
- Re: [websec] HPKP: The strict directive and TLS p… Ryan Sleevi
- Re: [websec] HPKP: The strict directive and TLS p… Yoav Nir
- Re: [websec] HPKP: The strict directive and TLS p… Chris Palmer
- Re: [websec] HPKP: The strict directive and TLS p… Yoav Nir
- Re: [websec] HPKP: The strict directive and TLS p… Chris Palmer
- Re: [websec] HPKP: The strict directive and TLS p… Trevor Perrin
- Re: [websec] HPKP: The strict directive and TLS p… Tom Ritter
- Re: [websec] HPKP: The strict directive and TLS p… Trevor Perrin
- Re: [websec] HPKP: The strict directive and TLS p… Tom Ritter
- Re: [websec] HPKP: The strict directive and TLS p… Ryan Sleevi
- Re: [websec] HPKP: The strict directive and TLS p… Ryan Sleevi
- Re: [websec] HPKP: The strict directive and TLS p… Trevor Perrin
- Re: [websec] HPKP: The strict directive and TLS p… Ryan Sleevi
- Re: [websec] HPKP: The strict directive and TLS p… Trevor Perrin
- Re: [websec] HPKP: The strict directive and TLS p… Yoav Nir
- Re: [websec] HPKP: The strict directive and TLS p… Yoav Nir
- Re: [websec] HPKP: The strict directive and TLS p… Hannes Tschofenig
- Re: [websec] HPKP: The strict directive and TLS p… Yoav Nir
- Re: [websec] HPKP: The strict directive and TLS p… Trevor Perrin
- Re: [websec] HPKP: The strict directive and TLS p… Yoav Nir
- Re: [websec] HPKP: The strict directive and TLS p… Trevor Perrin
- Re: [websec] HPKP: The strict directive and TLS p… Yoav Nir
- Re: [websec] HPKP: The strict directive and TLS p… Trevor Perrin
- Re: [websec] HPKP: The strict directive and TLS p… Brian Smith
- Re: [websec] HPKP: The strict directive and TLS p… Brian Smith
- Re: [websec] HPKP: The strict directive and TLS p… Yoav Nir
- Re: [websec] HPKP: The strict directive and TLS p… Chris Palmer
- Re: [websec] HPKP: The strict directive and TLS p… Yoav Nir
- Re: [websec] HPKP: The strict directive and TLS p… Joseph Bonneau
- Re: [websec] HPKP: The strict directive and TLS p… Tobias Gondrom