IETF Logo Mail Archive

Re: [websec] Certificate Pinning via HSTS

Chris Palmer <palmer@google.com> Tue, 13 September 2011 21:53 UTC

Return-Path: <palmer@google.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9632311E812A for <websec@ietfa.amsl.com>; Tue, 13 Sep 2011 14:53:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -105.677
X-Spam-Level:
X-Spam-Status: No, score=-105.677 tagged_above=-999 required=5 tests=[AWL=-0.300, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_34=0.6, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qhNfNbEhE-xS for <websec@ietfa.amsl.com>; Tue, 13 Sep 2011 14:53:41 -0700 (PDT)
Received: from smtp-out.google.com (smtp-out.google.com [74.125.121.67]) by ietfa.amsl.com (Postfix) with ESMTP id D78D811E8129 for <websec@ietf.org>; Tue, 13 Sep 2011 14:53:40 -0700 (PDT)
Received: from wpaz29.hot.corp.google.com (wpaz29.hot.corp.google.com [172.24.198.93]) by smtp-out.google.com with ESMTP id p8DLtkET010647 for <websec@ietf.org>; Tue, 13 Sep 2011 14:55:47 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=google.com; s=beta; t=1315950947; bh=ZDI792jBLbL0xAh/cD85MYfWXlk=; h=MIME-Version:In-Reply-To:References:Date:Message-ID:Subject:From: To:Cc:Content-Type:Content-Transfer-Encoding; b=sicBLpN/ONzSnZop6EWGq8t3Vp7PPt58RayausFo/9QJdvXv2QvoEuLvesMjmx2eW ISJQI1L+4zJtHkEAINHnQ==
DomainKey-Signature: a=rsa-sha1; s=beta; d=google.com; c=nofws; q=dns; h=dkim-signature:mime-version:in-reply-to:references:date: message-id:subject:from:to:cc:content-type: content-transfer-encoding:x-system-of-record; b=qDZ4QNn/M1FXw/nnQkx7kPJxaJio/z8uOThBk9rK8t2jS6vwkZIoiTFX57Bx7gS3r Mi06vA1T3tFOyBjxS745w==
Received: from wwi18 (wwi18.prod.google.com [10.241.243.18]) by wpaz29.hot.corp.google.com with ESMTP id p8DLtWEd021479 (version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT) for <websec@ietf.org>; Tue, 13 Sep 2011 14:55:45 -0700
Received: by wwi18 with SMTP id 18so1254713wwi.3 for <websec@ietf.org>; Tue, 13 Sep 2011 14:55:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=beta; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; bh=0mUR8h/M0jbcymyPVv7iT2O6efj5YqvGQBYrU5UwU6Q=; b=yFjAnOQ3GUlhvXYv0Z0ZSNZjveh8uNuW0O37MisUkkP2DQbkmmfdZ4ee+o0OrmK1YN xRke/bwQoPxizbbJhq7w==
Received: by 10.216.220.220 with SMTP id o70mr1174223wep.19.1315950940779; Tue, 13 Sep 2011 14:55:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.216.220.220 with SMTP id o70mr1174121wep.19.1315950932971; Tue, 13 Sep 2011 14:55:32 -0700 (PDT)
Received: by 10.216.61.16 with HTTP; Tue, 13 Sep 2011 14:55:32 -0700 (PDT)
In-Reply-To: <4E6F5056.800@fifthhorseman.net>
References: <CAOuvq22p2qNnXRsK=PS=mxknnq4MrCWt0Np-N8su-iHXaWHqpg@mail.gmail.com> <4E6F5056.800@fifthhorseman.net>
Date: Tue, 13 Sep 2011 14:55:32 -0700
Message-ID: <CAOuvq22E-OvU_53gf_go8Nf_jXX_=wbTf7rn2XEa+GAWHTU+7w@mail.gmail.com>
From: Chris Palmer <palmer@google.com>
To: websec@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-System-Of-Record: true
Cc: Chris Evans <cevans@google.com>
Subject: Re: [websec] Certificate Pinning via HSTS
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Sep 2011 21:53:41 -0000

On Tue, Sep 13, 2011 at 5:45 AM, Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:

> From my perspective, i see no advantage to pinning any of the CAs -- if
> your EE is compromised, you're sunk.  And since the mechanism provides a
> mechanism (and nice instructions, thanks) for transition to an emergency
> offline backup EE key+cert, that is all handled well.

In the case of normal EE certificate expiration — as opposed to
compromise — if you are pinned to (say) an intermediary signer, you
can just get a fresh certificate from the same signer, deploy it, and
change nothing else.

Conversely, if you had pinned to an EE, you'd need to follow a
procedure something like this near expiration time:

0. Generate the new cert.
1. Change your pins directive to include the new and the old public
key fingerprints.
2. Wait long enough for "most, surely?" of your users to have received
the new pins, or for their pins to expire by the normal maxAge means.
3. Decommission the old EE cert and deploy the new.

Maybe that sounds reasonably easy to you, and you just never want to
pin to a signer's public key. That's ok. Our goal with the "you can
pin to any public key(s) in your cert chain" idea was to maximize
flexibility and enable a range of policies and practices, knowing that
one size does not fit all but that all achieve the goal.

You could, of course, also just re-use your old key pair and get it
re-signed, and no need to migrate keys as well as certs. In that case,
no problem. Again, that's fine and one size does not fit all.

v2.23.0 | Report a Bug | By Email