Re: [websec] #59: Is the interaction between pre-loaded pins and dynamic pins clear?
Trevor Perrin <trevp@trevp.net> Mon, 12 August 2013 05:59 UTC
On Sun, Aug 11, 2013 at 1:55 PM, websec issue tracker <trac+websec@trac.tools.ietf.org> wrote:
> #59: Is the interaction between pre-loaded pins and dynamic pins clear?

Still needs discussion, in particular:

 * Preloaded pin stores will be periodically updated, which means browsers will need to handle "backdated" pins, i.e. pins that are received *after* other HPKP observations but have an "Effective Pin Date" which is earlier. To handle these in accordance with 2.7 requires browsers to remember "un-pinning" observations (expired pins, max-age=0, or nonexistent HPKP headers). This is sufficiently complex that the spec needs some treatment of it.

 * 2.7 mandates that the most recent observation from any source MUST take priority. Browsers would not be allowed to implement other priority rules, such as prioritizing one source over another, prioritizing fail-open or fail-closed behavior, or anything else. I believe this is overly restrictive. Some browsers might prefer different policies, e.g. simpler policies that don't require tracking "un-pinning" data.

When I brought these points up earlier, the two responses were supportive of loosening the rules in 2.7.

I hadn't responded to Yoav's latest query because I'm overloaded with HPKP discussion, and assumed everyone else was too. So I suggest we keep this open, and revisit once other discussions quiet down.

Trevor
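The backdated-pin case raised in the message above, as an added example (not part of the original message and not code from the draft or any browser). It models "most recent observation wins" by effective date as the message describes section 2.7; the class names, host and pin strings are constructed, and max-age expiry timers are left out.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class Observation:
    effective: int                    # "Effective Pin Date" (constructed epoch values)
    pins: Optional[FrozenSet[str]]    # None = un-pinning observation (e.g. max-age=0)
    source: str                       # "header" (dynamic) or "preload"

class PinStore:
    """Keeps, per host, the observation with the latest effective date."""
    def __init__(self, keep_unpins: bool):
        # keep_unpins=False models a simpler store that forgets a host once
        # it is un-pinned instead of remembering the un-pinning observation.
        self.keep_unpins = keep_unpins
        self.latest: Dict[str, Observation] = {}

    def observe(self, host: str, obs: Observation) -> None:
        cur = self.latest.get(host)
        if cur is not None and obs.effective <= cur.effective:
            return                    # backdated relative to what we hold: ignore
        if obs.pins is None and not self.keep_unpins:
            self.latest.pop(host, None)   # no record left to compare against later
            return
        self.latest[host] = obs

    def active_pins(self, host: str) -> Optional[FrozenSet[str]]:
        obs = self.latest.get(host)
        return obs.pins if obs else None

HOST = "example.test"  # constructed host
# Constructed events in ARRIVAL order; the preload update arrives last but
# carries an effective date earlier than the un-pinning header.
EVENTS: List[Tuple[str, Observation]] = [
    (HOST, Observation(100, frozenset({"pin-A-constructed"}), "header")),
    (HOST, Observation(200, None, "header")),                  # max-age=0
    (HOST, Observation(150, frozenset({"pin-B-constructed"}), "preload")),
]

def replay(keep_unpins: bool) -> Optional[FrozenSet[str]]:
    store = PinStore(keep_unpins)
    for host, obs in EVENTS:
        store.observe(host, obs)
    return store.active_pins(HOST)

if __name__ == "__main__":
    print("remembers un-pins:", replay(True))    # host stays un-pinned
    print("forgets un-pins:  ", replay(False))   # backdated preload pin is enforced
```

The store that forgets un-pinning observations ends up enforcing the backdated preload pin even though a later observation removed pinning for the host.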