Re: [websec] New draft of HTTP header-based public key pinning
Tom Ritter <tom@ritter.vg> Wed, 09 November 2011 00:32 UTC
Return-Path: <tom@ritter.vg>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3736E11E8086 for <websec@ietfa.amsl.com>; Tue, 8 Nov 2011 16:32:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.977
X-Spam-Level:
X-Spam-Status: No, score=-2.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KIYICjrynxOB for <websec@ietfa.amsl.com>; Tue, 8 Nov 2011 16:31:59 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by ietfa.amsl.com (Postfix) with ESMTP id 9C0B611E8081 for <websec@ietf.org>; Tue, 8 Nov 2011 16:31:59 -0800 (PST)
Received: by iaeo4 with SMTP id o4so1478853iae.31 for <websec@ietf.org>; Tue, 08 Nov 2011 16:31:58 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=ZLurUIKWQYBIp+k6DpqsYOedLGIfWKYePfzrOx5wrOQ=; b=L36UMaZyfaEb4THJT+HWT2x5uDOz6pimIY3Kuz9gwACVJ0zyC9Tfv6jwe5Q+uPSi/Z x5Ka+binJYOOXWJ6uuWkhKBR3adSCvM9vv6yOsxQjOoJ7QXkovfE6UnQG+reMgvBvl4U uxILdxJY7s1P+JtND8XjFVliWUpKcvKdmbVjE=
Received: by 10.42.108.136 with SMTP id h8mr51274icp.43.1320798718048; Tue, 08 Nov 2011 16:31:58 -0800 (PST)
MIME-Version: 1.0
Received: by 10.43.44.5 with HTTP; Tue, 8 Nov 2011 16:31:37 -0800 (PST)
In-Reply-To: <CAOuvq21Ne0CWT3Dzn0sutGDBg0K+efZhxmqBZiLuxbO2OwxnFg@mail.gmail.com>
References: <CAOuvq21Ne0CWT3Dzn0sutGDBg0K+efZhxmqBZiLuxbO2OwxnFg@mail.gmail.com>
From: Tom Ritter <tom@ritter.vg>
Date: Tue, 08 Nov 2011 19:31:37 -0500
Message-ID: <CA+cU71kFFpuooyiBTarvLT3VJigZhW0BgpQi1gMTn7zB=sFh+w@mail.gmail.com>
To: Chris Palmer <palmer@google.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: Ian Fette <ifette@google.com>, Chris Evans <cevans@google.com>, IETF WebSec WG <websec@ietf.org>, Wan-Teh Chang <wtc@google.com>
Subject: Re: [websec] New draft of HTTP header-based public key pinning
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 00:32:00 -0000
My notes:
I believe the BNF (pseudo-BNF?) is incorrect:
Public-Key-Pins = "Public-Key-Pins" ":" LWS directives
directives = max-age LWS ";" LWS fingerprints
/ fingerprints LWS ";" LWS max-age
max-age = "max-age" LWS "=" LWS delta-seconds
pins = "pins" LWS "=" LWS fingerprints
fingerprints = fingerprint
/ fingerprint "," fingerprints
fingerprint = fp-type "-" base64-digits
fp-type = "sha1"
/ "sha256"
I believe 'directives' should replace "fingerprints" with "pins":
directives = max-age LWS ";" LWS pins
/ pins LWS ";" LWS max-age
================
I think this paragraph is misworded:
UAs MUST have a way for users to clear current pins that were set by
HSTS. UAs SHOULD have a way for users to query the current state of
Pinned Hosts.
Instead of HSTS, should that be "Public Key Pinning"? If not, pins
set during HSTS must be flagged and treated differently - why?
================
Miscellany:
- There is no directive or suggestion to User Agents about saving or
not saving pins received in a private browsing mode. Maybe there
shouldn't be, but if a User-Agent does save them, the same 304/ETag
trick malicious sites use to track users can be created using certs
and subdomains.
- The "Pinning Self-Signed End Entities" section was a bit confusing,
I had to read it a couple times to be sure you were talking about a
server's self-signed cert, and not a client cert.
- The Pin-Break mechanism gets more complicated which each revision.
I know it's being shopped around for both this and the approach to put
pinning in the TLS layer (TACK), but does its removal implies pin
break codes are not intended to go into the final version of this
document, or will it be added later after the first bit is worked out?
Thanks Chris(es)!
-tom
- [websec] New draft of HTTP header-based public ke… Chris Palmer
- Re: [websec] New draft of HTTP header-based publi… Tom Ritter
- Re: [websec] New draft of HTTP header-based publi… Chris Palmer
- Re: [websec] New draft of HTTP header-based publi… Steingruebl, Andy
- Re: [websec] New draft of HTTP header-based publi… Chris Evans
- Re: [websec] New draft of HTTP header-based publi… Yoav Nir
- Re: [websec] New draft of HTTP header-based publi… Julian Reschke
- Re: [websec] New draft of HTTP header-based publi… Adam Barth
- Re: [websec] New draft of HTTP header-based publi… Steingruebl, Andy
- Re: [websec] New draft of HTTP header-based publi… Adam Barth
- Re: [websec] New draft of HTTP header-based publi… Paul Hoffman
- Re: [websec] New draft of HTTP header-based publi… Adam Barth
- Re: [websec] New draft of HTTP header-based publi… Chris Palmer
- Re: [websec] New draft of HTTP header-based publi… Julian Reschke
- Re: [websec] New draft of HTTP header-based publi… Chris Palmer
- Re: [websec] New draft of HTTP header-based publi… Julian Reschke
- Re: [websec] New draft of HTTP header-based publi… Chris Palmer
- Re: [websec] New draft of HTTP header-based publi… Ryan Sleevi
- Re: [websec] New draft of HTTP header-based publi… Chris Palmer