[websec] TACK draft 01

Trevor Perrin <trevp@trevp.net> Wed, 26 September 2012 13:36 UTC

Return-Path: <trevp@trevp.net>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DEFBC21F8862 for <websec@ietfa.amsl.com>; Wed, 26 Sep 2012 06:36:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jOEeW72vMy5w for <websec@ietfa.amsl.com>; Wed, 26 Sep 2012 06:36:49 -0700 (PDT)
Received: from mail-vc0-f172.google.com (mail-vc0-f172.google.com [209.85.220.172]) by ietfa.amsl.com (Postfix) with ESMTP id 1F2B821F8861 for <websec@ietf.org>; Wed, 26 Sep 2012 06:36:49 -0700 (PDT)
Received: by vcbfl11 with SMTP id fl11so666795vcb.31 for <websec@ietf.org>; Wed, 26 Sep 2012 06:36:48 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:date:message-id:subject:from:to:cc :content-type:x-gm-message-state; bh=iYiexMoIYQOJ0NbJ8C7pqq2Mvigv5FMGCW7u1e7o/Jk=; b=eNbjGHjbfm3hljffa10OUd1sRyBZ+p9EKMkhLkPJAmLnkOVsUI4rWZQhKfF9LJsDWg yh2jSs6GejnzaQTyOYTaj7SuvIjllVqpC8Uhe853Aqz+th0HypIXwtch8tacV0Z7jL1Y sCBHLiHBHk1mmVa5YXNw+BUNhy+A2gPg8TV/hNFDJbcDUcc0qA8UlYjvid5m4tUaq6+w H6yo/wHVVBBTJnAc3EnywALJJqC5NNY0RxZv2MX5QTYWUvqkRGczFreZ0FxkgvMDeDVL 4XuJ0Iu+PMx2NnsU7vGjXZCntr7o2oiaDQjS+2z2RcDTsCSfOkbkldwXRp1Nrx/n93J1 nb7w==
MIME-Version: 1.0
Received: by 10.220.154.6 with SMTP id m6mr253530vcw.51.1348666608497; Wed, 26 Sep 2012 06:36:48 -0700 (PDT)
Received: by 10.52.24.36 with HTTP; Wed, 26 Sep 2012 06:36:48 -0700 (PDT)
X-Originating-IP: [24.215.229.139]
Date: Wed, 26 Sep 2012 09:36:48 -0400
Message-ID: <CAGZ8ZG3-fXNO2f_vRnQFzd3e2gq5YRKVHFq-Uxt=9srRqZGxag@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: tls@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
X-Gm-Message-State: ALoCoQm6uyFNchCzhzsuZ/2tP5YuQc2tht3iBJdBxIpi3FWadjf0StVmRbP9D0wUmbc5JRtvmSGG
Cc: IETF WebSec WG <websec@ietf.org>
Subject: [websec] TACK draft 01
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Sep 2012 13:36:50 -0000

Hi TLS (cc websec),

There's a new TACK draft: http://tools.ietf.org/html/draft-perrin-tls-tack-01

You can find code and other resources at http://tack.io

We'd love to get feedback or answer questions.  We'd also appreciate
advice on whether this should remain an individual submission or would
make sense as a WG document.


Changes
--------
The main change is that we removed break signatures.  Instead, servers
may optionally publish a second tack.  Clients can form two pins for a
hostname.

These changes let a server publish tacks from a new TACK key prior to
deactivating and removing the old key's tacks.  This "rollover" is a
better way to handle a compromised or suspect TACK key because it
preserves any security offered by the old key while the new one is
being introduced.

Other changes:

 * Rewrote "Client processing" to improve clarity.

 * Renamed
   "TACK" structure to "tack"
   "TACK_Extension" to "TackExtension"
   "pin_activation" field to "activation_flags"
   "TACK ID" to "key fingerprint"

 * Simplified error alerts sent by clients (and aligned with RFC 5878)

 * Deleted old section "6.2 Application-specific pinning", which was
too vague to be useful. Added new 6.1 and 6.2 discussing
considerations with different application protocols.

 * Changed server_name extension in ClientHello from SHOULD to SHALL.

 * Tweaked the Advice for Server Operators (8.1) regarding Tack expiration.


Trevor