IETF Logo Mail Archive

Re: [websec] #58: Should we pin only SPKI, or also names

Gervase Markham <gerv@mozilla.org> Wed, 07 August 2013 10:47 UTC

Return-Path: <gerv@mozilla.org>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C4E7D21F9AA7 for <websec@ietfa.amsl.com>; Wed, 7 Aug 2013 03:47:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.612
X-Spam-Level:
X-Spam-Status: No, score=-2.612 tagged_above=-999 required=5 tests=[AWL=-0.065, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, HOST_MISMATCH_COM=0.311, RCVD_IN_DNSWL_LOW=-1, SARE_RMML_Stock10=0.13]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z9sD+NziM7-z for <websec@ietfa.amsl.com>; Wed, 7 Aug 2013 03:47:22 -0700 (PDT)
Received: from smtp.mozilla.org (mx1.corp.phx1.mozilla.com [63.245.216.69]) by ietfa.amsl.com (Postfix) with ESMTP id 6111521E80D7 for <websec@ietf.org>; Wed, 7 Aug 2013 03:47:18 -0700 (PDT)
Received: from [192.168.0.22] (cpc2-enfi16-2-0-cust610.hari.cable.virginmedia.com [94.170.82.99]) (Authenticated sender: gerv@mozilla.org) by mx1.mail.corp.phx1.mozilla.com (Postfix) with ESMTPSA id AD89AF212C; Wed, 7 Aug 2013 03:47:16 -0700 (PDT)
Message-ID: <520225B3.5040701@mozilla.org>
Date: Wed, 07 Aug 2013 11:47:15 +0100
From: Gervase Markham <gerv@mozilla.org>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:17.0) Gecko/20130620 Thunderbird/17.0.7
MIME-Version: 1.0
To: Trevor Perrin <trevp@trevp.net>
References: <060.be9b0009dc0350ca543f553042673944@trac.tools.ietf.org> <073501ce8c6e$f6c17d90$e44478b0$@digicert.com> <CAMm+LwjdGJC4FHCJ_OAYGRqCGGc0Nz1pLV=yVGK9M9E7drfujQ@mail.gmail.com> <CAOuvq200e9HnPX1w9sZ+e7ipBmdgZdPL5xzKDgcaDpSxz1N=gg@mail.gmail.com> <CAMm+Lwh384YBMXw-BDoxJw+AN4qv8x6GQpF9YK4PW1gQRnadpg@mail.gmail.com> <6125A841-6C85-4858-B37F-C021067F0CFA@checkpoint.com> <2035FF99-A079-4F2F-B4DE-962FE1C1B964@checkpoint.com> <CAGZ8ZG2Ex9Cvft38zSQX5Hcu3hU40HOjpAM+9fCG=JgBJM55Qg@mail.gmail.com> <520214F7.8020308@mozilla.org> <CAGZ8ZG2N7NBUvjYQVw=CKgnq1KG5JfeN9hZU2-DSKT6OFmBVFg@mail.gmail.com> <52021982.8030108@mozilla.org> <CAGZ8ZG2OCCziSn-WtFGdCGnFEVTFz=9truK6kkFkF3pq1TEyNA@mail.gmail.com>
In-Reply-To: <CAGZ8ZG2OCCziSn-WtFGdCGnFEVTFz=9truK6kkFkF3pq1TEyNA@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Cc: websec <websec@ietf.org>
Subject: Re: [websec] #58: Should we pin only SPKI, or also names
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Aug 2013 10:47:27 -0000

On 07/08/13 11:14, Trevor Perrin wrote:
>> Yes; this would need to be metadata associated with each cert in the
>> root store. It would need to be added when roots were added.
> 
> I was imagining a table which is indexed by CA names, and which maps a
> CA name to a corresponding list of key hashes.  These hashes might
> correspond to certs in the root store or they might not (e.g., they
> might correspond to intermediates).

While others disagree, I think that any attempt by browsers to include
information about intermediates in root stores will fail, because
intermediates change much more frequently than roots do. The
administration would be complex, and the update/outdatedness issues severe.

I would not predicate this scheme on browsers shipping a list of
intermediate hashes. And I would think you would want to get buy-in from
the major browser vendors that they are happy to take on the task of
maintaining such a table in order to get the gain of being able to
replace cert hashes with names.

>> What happens if a CA requests a change to this mapping? This might
>> violate the expectations of some users as to which keys they were pinning.
> 
> When a pinned CA wants to introduce a new root, it would need to
> update the mapping and wait for the update to propagate before using
> the new root to sign certs.

Right - but users who were trusting "FooCA" would now be trusting a root
they didn't know they were trusting.

What happens if two CAs merge, and the acquiring CA wants to have all
the roots of the acquired CA now under its brand?

> Anyways, if users want to be pinned to a specific key, they should pin
> to that key directly.  If they're pinned to a name, they're trusting
> the CA and browser vendor to keep the mapping updated in a sensible
> way.

My concern is that this is an abstraction to make things work for people
who don't want to think too hard about PKI, but that the abstraction is
leaky, and will result in the violation of assumptions. I haven't spent
too much time thinking about this and I've already thought of a few.

Gerv

v2.23.0 | Report a Bug | By Email