Re: [websec] Key pinning for DSA keys with inherited domain params

Phillip Hallam-Baker <hallam@gmail.com> Tue, 13 December 2011 12:56 UTC


DSA is unlikely to be widespread enough to cause problems.

But I cannot be confident that the same problem is not going to appear with
ECC parameters. (sorry for the double negative).


I don't like a solution for pinning that depends on the CA delivering the
'right' sort of cert. I would prefer to add in a second hash over the
parameter values or specify them explicitly in the pin or to have the hash
be over what the values would be if completely specified in the Key Info.


On Tue, Dec 13, 2011 at 1:11 AM, Yoav Nir <ynir@checkpoint.com> wrote:

> True. I don't expect DSA to ever become viable enough to worry about.  I
> think if you ran the same select for ECDSA, you would come up with zero,
> but there is some expectation of that changing in the long run.
>
> By now all the major browsers except Opera support ECDSA, so we might be
> seeing some of those when websites feel it's safe to abandon the
> IE6-on-Windows-XP and old Macs.
>
> On Dec 13, 2011, at 2:55 AM, Chris Palmer wrote:
>
> > Of these, the handful that I spot-checked are all either down,
> > expired, or have been replaced with certificates for RSA keys.
> >
> > On Mon, Dec 12, 2011 at 4:37 PM, Chris Palmer <palmer@google.com> wrote:
> >> Also, FWIW, from the EFF SSL Observatory:
> >>
> >> mysql> select distinct `Subject Public Key Info:Public Key Algorithm`
> >> from valid_certs;
> >> +----------------------------------------------+
> >> | Subject Public Key Info:Public Key Algorithm |
> >> +----------------------------------------------+
> >> |  rsaEncryption                               |
> >> |  dsaEncryption                               |
> >> +----------------------------------------------+
> >> 2 rows in set (4.09 sec)
> >>
> >> mysql> select count(*) from valid_certs where `Subject Public Key
> >> Info:Public Key Algorithm` like '%dsa%';
> >> +----------+
> >> | count(*) |
> >> +----------+
> >> |       25 |
> >> +----------+
> >> 1 row in set (3.26 sec)



-- 
Website: http://hallambaker.com/
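
Added example, not part of the original message or of any pinning draft: it compares a pin taken over the key info as the CA encoded it with a pin taken over the key info with the effective DSA parameters written out, the last option suggested above. The SHA-256/base64 pin format, the function names and the toy parameter values are assumptions made for illustration.

```python
import base64
import hashlib

DSA_OID = bytes.fromhex("06072a8648ce380401")  # id-dsa, 1.2.840.10040.4.1

def der(tag, body):
    """Encode one DER TLV with a definite length."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + body

def der_int(v):
    """DER INTEGER for a non-negative value (leading 0x00 when the top bit is set)."""
    return der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))

def dsa_spki(y, params=None):
    """DSA SubjectPublicKeyInfo; params=None omits Dss-Parms (inherited from issuer)."""
    alg = DSA_OID
    if params is not None:
        alg += der(0x30, b"".join(der_int(v) for v in params))  # p, q, g
    return der(0x30, der(0x30, alg) + der(0x03, b"\x00" + der_int(y)))

def pin(spki):
    """Assumed pin format: base64 of SHA-256 over the DER SPKI."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode()

def pin_as_served(y, cert_params):
    """Hash the SPKI exactly as the CA encoded it in the certificate."""
    return pin(dsa_spki(y, cert_params))

def pin_fully_specified(y, cert_params, issuer_params):
    """Hash the SPKI as it would read with the effective parameters written out."""
    effective = cert_params if cert_params is not None else issuer_params
    return pin(dsa_spki(y, effective))

# Constructed toy values, far too small to be real DSA parameters.
PARAMS_A = (283, 47, 60)
PARAMS_B = (607, 101, 64)
Y = 158

if __name__ == "__main__":
    print("as served, inherited :", pin_as_served(Y, None))
    print("as served, explicit A:", pin_as_served(Y, PARAMS_A))
    print("resolved under A     :", pin_fully_specified(Y, None, PARAMS_A))
    print("resolved under B     :", pin_fully_specified(Y, None, PARAMS_B))
```

The as-served pin changes when the CA switches between inherited and explicit parameters for the same key, and in the inherited case it does not cover the parameters at all; the fully specified pin is stable across both encodings and differs when the inherited parameters differ.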