Re: [websec] #58: Should we pin only SPKI, or also names

Trevor Perrin <trevp@trevp.net> Tue, 13 August 2013 00:53 UTC

Date: Mon, 12 Aug 2013 17:53:07 -0700
Message-ID: <CAGZ8ZG1GPxOFP-v=kjGVj=7qLv-hYsbfwYweU7k3E3FoyRF-eg@mail.gmail.com>
From: Trevor Perrin <trevp@trevp.net>
To: Gervase Markham <gerv@mozilla.org>
Cc: websec <websec@ietf.org>
Subject: Re: [websec] #58: Should we pin only SPKI, or also names

On Mon, Aug 12, 2013 at 10:04 AM, Gervase Markham <gerv@mozilla.org> wrote:
> On 12/08/13 17:11, Trevor Perrin wrote:
>> If people hate this, someone should make a proposal for a registry:
>
> Or make a proposal to stick with the current spec, and not pin names :-)

Sure.  But then I'd also like to hear an argument for how this style
of pinning could solve its usability problems and become widespread,
given that Chrome's preloaded version of this attracted only 3 users
in 27 months.


>> Could you explain how these problems would arise?
>>
>> I'm proposing CAs would coordinate with browsers, then inform their
>> customers (websites) which name to use.  A misbehaving CA could inform
>> its customers of a meaningless name, causing browsers to ignore the
>> pin.  But a misbehaving CA could violate its customers' security in
>> other ways.
>
> They would arise via any of the obvious mechanisms this could go wrong,
> e.g.:
>
> * CA fails to communicate with (some subset of) browsers, perhaps the
> small ones, leading to divergent behaviour

Well, either a popular CA communicates its key list to browsers, or it
communicates it to the (thousands? millions?) of websites that would
like to be pinned to that CA.

There's a coordination problem either way.  So pointing out that
browser/CA coordination is a hassle and has some failure modes doesn't
seem a compelling argument against it, given the alternatives.


> * Browser update is not universally accepted, leading to divergent behaviour
>
> Say Foo CA merges with Bar CA, and issues an edict that from now on the
> string "fooca.com" will include the already-deployed root, "Bar CA
> Super-Secure". Six months later, after gnashing their teeth at the delay
> that this process is introducing into their business, they start issuing
> certs from "Bar CA Super-Secure" to Foo CA customers. A site,
> naiveshop.com, is pinned to fooca.com, and buys one of these new certs.
> All naiveshop.com's customers whose browsers are older than 6 months get
> connection failures, and naiveshop.com can't easily detect that this is
> happening, or to how many people.

Coordination between browsers and CAs would have to involve timing
rules.  A browser that has not updated a name/key mapping after some
period of time would have to stop using it, just as browsers stop
using preloaded pins if they're too old.


Trevor
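As an added illustration (not code from this thread, nor from any browser's pinning implementation), here is a Python sketch of the timing rule Trevor describes: CA-name pins resolve through a browser-held name-to-key mapping that is simply not enforced once it goes stale, so Gerv's naiveshop.com scenario breaks only while an out-of-date mapping is still inside its validity window. The registry layout, the 180-day limit, the function names and the root keys are all assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Assumed timing rule (not from the thread): a browser's CA-name -> key mapping
# that has not been refreshed within this many days is no longer enforced.
MAX_MAPPING_AGE_DAYS = 180

@dataclass
class NameMapping:
    spki_hashes: set   # SPKI hashes the CA has told browsers belong to this name
    updated_day: int   # day number when the browser last refreshed this mapping

@dataclass
class PinSet:
    spki_pins: set = field(default_factory=set)  # pins by SPKI hash
    name_pins: set = field(default_factory=set)  # pins by CA name, e.g. "fooca.com"

def spki_hash(spki_der: bytes) -> str:
    return hashlib.sha256(spki_der).hexdigest()

def check_pins(chain_spkis, pins, registry, today):
    """Return (accepted, reason) for an already-validated chain.

    A chain passes if some SPKI in it is pinned directly or belongs to a
    pinned CA name whose mapping is still fresh.  Stale or unknown name
    mappings are dropped instead of enforced (as with too-old preloaded
    pins); if nothing usable remains, the pin check is skipped entirely.
    """
    chain_hashes = {spki_hash(s) for s in chain_spkis}
    usable = set(pins.spki_pins)
    for name in pins.name_pins:
        m = registry.get(name)
        if m is None or today - m.updated_day > MAX_MAPPING_AGE_DAYS:
            continue  # stale mapping: do not enforce it
        usable |= m.spki_hashes
    if not usable:
        return True, "no fresh pins; check skipped"
    return (True, "pin matched") if chain_hashes & usable else (False, "pin failure")

# Constructed scenario from the thread: Foo CA starts issuing from the
# "Bar CA Super-Secure" root while naiveshop.com is pinned to the name "fooca.com".
FOO_ROOT, BAR_ROOT = b"constructed-foo-root-spki", b"constructed-bar-root-spki"
NAIVESHOP_PINS = PinSet(name_pins={"fooca.com"})

def naiveshop_outcome(mapping_updated_day, today, mapping_includes_bar):
    keys = {spki_hash(FOO_ROOT)} | ({spki_hash(BAR_ROOT)} if mapping_includes_bar else set())
    registry = {"fooca.com": NameMapping(keys, mapping_updated_day)}
    return check_pins([BAR_ROOT], NAIVESHOP_PINS, registry, today)
```

`naiveshop_outcome(0, 30, False)` is the connection failure Gerv describes (recent but incomplete mapping), while `naiveshop_outcome(0, 200, False)` shows the timing rule retiring the stale mapping so the site stays reachable under ordinary certificate validation.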