Re: [websec] Gen-art LC review of draft-ietf-websec-key-pinning-19

Elwyn Davies <> Sat, 30 August 2014 18:43 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 919671A06E3; Sat, 30 Aug 2014 11:43:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -100.502
X-Spam-Status: No, score=-100.502 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qY5gE21Wt9xU; Sat, 30 Aug 2014 11:42:59 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 0726C1A06DA; Sat, 30 Aug 2014 11:42:58 -0700 (PDT)
X-SBRS: None
X-MUA: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
X-IP-BHB: Once
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.04,432,1406588400"; d="scan'208";a="121199994"
X-IP-Direction: OUT
Received: from (HELO []) ([]) by with ESMTP/TLS/DHE-RSA-AES128-SHA; 30 Aug 2014 19:42:58 +0100
Message-ID: <>
Date: Sat, 30 Aug 2014 19:42:55 +0100
From: Elwyn Davies <>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Chris Palmer <>
References: <> <> <> <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Sat, 30 Aug 2014 14:34:26 -0700
Cc:, General area reviewing team <>, IETF WebSec WG <>
Subject: Re: [websec] Gen-art LC review of draft-ietf-websec-key-pinning-19
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 30 Aug 2014 18:43:02 -0000

Hi, Chris.

A couple of remaining points and a couple of nits/queries in the fixes.

I have deleted the items that we are agreed on below and added comments 
in line.

New nits:
s2.6, next to last para: s/previous/previously/

s4, lasta para:
> and indeed MUST pin to issuers not in the chain

Is this a requirements MUST?  The protocol will be quite happy and 
implementers can't (at least I don't think) they can check if the host 
leaves it out.  This is operational advice (admittedly highly relevant) 
but still advice I think.

On 25/08/14 21:23, Chris Palmer wrote:
> On Mon, Aug 11, 2014 at 8:08 AM, Elwyn Davies <> wrote:

>> Ok.  Accepting that the host is expected normally to send the headers on all
>> responses, when SHOULD it not send the headers? (from the previous comments
>> a server that knows it is not multiplexed might be a candidate - or if it
>> knows it has already responded on this connection?)
> I think it's easiest and simplest for servers to simply always send the headers.

Having thought about this a bit, I don't think this text fully reflects 
what is going on in the server.  If I understand correctly, we have:
- Server has a policy that it wants to be pinned if it can be 
(presumably this ought to be configurable in the server).
- When a client sends a request over a new secure connection and the 
policy says 'be pinned', the server sends back pinning header(s) in the 
- Thereafter, it MAY for simplicity send pinning headers in all 
subsequent responses on the connection. Alternatively it can do 
something intelligent and not bother sending the headers if it is the 
same connection - but of course this probably means a layer violation.

Thought: Does it make any difference if the client doesn't accept the 
pin? Should success or failure be logged?  Should the host always keep 
sending the headers if the client didn't accept the pin on the first
exchange (is this a possible symptom of a MITM?)?

2.2.1.  HTTP-over-Secure-Transport Request Type

    When replying to an HTTP request that was conveyed over a secure
    transport, a Pinned Host SHOULD include in its response exactly one
    PKP header field, exactly one PKP-RO header field, or one of each.

2.2.1.  HTTP-over-Secure-Transport Request Type

    If a host has a policy of becoming a Pinned Host whenever possible,
    then on replying to an initial HTTP request that was conveyed over a
    secure transport, a host intending to become Pinned Host includes in
    its response exactly one PKP header field, exactly one PKP-RO header
    field, or one of each.  The host MAY include the same header(s)
    with any subsequent responses using the same connection.


>>>>> Also there may be some of the questions in s8.3.1 of RFC 7231 that need
>>>>> specific answers.
>> There are still some of the questions that ought to be explicitly answered.
> To me, the only questions that might not have obvious answers are:
>     o  Whether the header field is useful or allowable in trailers (see
>        Section 4.1 of [RFC7230]).
> Surely not? For the same reason we don't want it in meta http-equiv.
>     o  Whether the header field ought to be preserved across redirects.
> Surely not?
> Any others?

The point was that I guess you ought to explicitly say "not" in each case.


> Changes visible at
> I won't push
> a version 21 until I've gone through the rest of the incoming email.
> Thank you!