IETF Logo Mail Archive

Re: [websec] AD review of draft-ietf-websec-key-pinning-17

Barry Leiba <barryleiba@computer.org> Fri, 04 July 2014 13:46 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: websec@ietfa.amsl.com
Delivered-To: websec@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 083C31B2937 for <websec@ietfa.amsl.com>; Fri, 4 Jul 2014 06:46:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wpPrhdeSvNiI for <websec@ietfa.amsl.com>; Fri, 4 Jul 2014 06:46:27 -0700 (PDT)
Received: from mail-la0-x22d.google.com (mail-la0-x22d.google.com [IPv6:2a00:1450:4010:c03::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 520931B27B0 for <websec@ietf.org>; Fri, 4 Jul 2014 06:46:27 -0700 (PDT)
Received: by mail-la0-f45.google.com with SMTP id hr17so1188055lab.4 for <websec@ietf.org>; Fri, 04 Jul 2014 06:46:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=NKA6zKnTdmAsvjpwebfk8+g+rsTOyPDbbLvJBkBFkP0=; b=sWwZyuPO4o/nnLUA6TLrlRh0O9EF4dc/Lwh3n/dkkf2AWNgg1DYc1Fvy0LVXN00rbw PXUxaruRzGVFzrOGv4CmUeclPJmzwXdlagsbiV/f9+G2kndLxVlD3eyGjyAAx+sM3Boc 6IcFQXbuydwW1WVKPyo5rLA/d1q9YAEWosW7IF3hEexYxU31eYsKj1Di96NXDptDvmNB oRESQiaPKkB0zoHuk5ANicdVHnHBdzDpTE/Cp7UGIJ3yb9mx58SK+gX01HzhmNqbhzZC 8ups/2JZkvytw4OUZxrcqKK02b2MjWcUJb9mc5Fp6thfJwRRDbvwwllTjmm9rjSnYsWU Yn8A==
MIME-Version: 1.0
X-Received: by 10.112.134.97 with SMTP id pj1mr8089760lbb.9.1404481585615; Fri, 04 Jul 2014 06:46:25 -0700 (PDT)
Sender: barryleiba@gmail.com
Received: by 10.152.104.80 with HTTP; Fri, 4 Jul 2014 06:46:25 -0700 (PDT)
In-Reply-To: <CAOuvq21C=N7pd4d6RC2BCyCL6Ka9M91FTEBVeDXVx2-h_KjtUA@mail.gmail.com>
References: <CALaySJLWny1EBpre_v_A80XTX2n0tSs1s7tXdh7z_joTHGNU6w@mail.gmail.com> <CAOuvq21C=N7pd4d6RC2BCyCL6Ka9M91FTEBVeDXVx2-h_KjtUA@mail.gmail.com>
Date: Fri, 04 Jul 2014 09:46:25 -0400
X-Google-Sender-Auth: DE802j95Y7ypi64DViCwgnlLqAk
Message-ID: <CALaySJKm00_BDqdRZHk5o808LaZNVVSxGr+8oegZ9ucPGoN1YQ@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Chris Palmer <palmer@google.com>
Content-Type: text/plain; charset="ISO-8859-1"
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/zBtvSa2eiwGKfdz0MmVL-izWuvQ
Cc: draft-ietf-websec-key-pinning.all@tools.ietf.org, "websec@ietf.org" <websec@ietf.org>
Subject: Re: [websec] AD review of draft-ietf-websec-key-pinning-17
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec/>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Jul 2014 13:46:29 -0000

Hey, Chris.  Thanks for all the changes, and after I send this message
I'll request last call.  I think I'll make it a four-week last call,
because there won't be a telechat we can put it on until after that
anyway, so we might as well give people time during and after the IETF
meeting to comment.

The only thing we still have in contention is the UI advice, and I'm
not going to let that hold anything up at this point.  Further
comments:

>>    The UA SHOULD indicate to
>>    users that the Host is no longer a Known Pinned Host.
>>
>> On the last sentence, though, I'm really unsure: are we really giving
>> UI advice in a protocol document?  Is that a good idea?  Do w have any
>> sense that my mother will have the first idea what you're talking
>> about when you indicate this to her?
>
> We feel that the minimal UI currently implemented in Chrome is
> necessary for at least developers, operators, and organizational IT
> staff to debug and generally cope with pinning. (In Chrome, visit
> https://pinningtest.appspot.com/ and chrome://net-internals/#hsts.) By
> "users" we mean not only non-technical people, but technical people
> also. It is indeed likely to be the case that non-technical users will
> never see any of this UI or care about pinning, but site operators
> certainly will.
>
> Additionally, we want to leave open the possibility that pinning
> status could be exposed to users in some way. For example, we expose
> Certificate Transparency status in Chrome: Click on the Lock icon to
> bring up what we call the Page Info Bubble, then click the Connection
> tab. The phrase "...does [not] have public audit records" is our CT
> UI. Obviously, this is more "technical user-facing", but that such
> indicators may be important for pinning as they are for CT.
>
> That said, I am open to softening the language further.

On this, as well as the other points of UI advice (Section 2.7, at
least; I don't remember whether any others remain), I still think it's
not a good idea for the protocol spec to give UI advice, but I'm OK
with leaving it in if we don't use 2119 language for it.  2119 is
specifically for protocol interoperability issues.  So let's make the
SHOULDs be "should"s, and then see if anyone else raises an issue with
that.

>> -- Section 2.1.3 --
>> What does it mean to use POST on a URI that isn't http or https?  What
>> do you do with a wss URI, for example?
>
> I don't think we've considered that. Perhaps we should simply specify
> HTTP or HTTPS.

That's probably best, if we're not sure of the answer.  You can say
that extensions to this can specify how key pinning is used with other
protocols.

>>    Because having a backup key pair is so important to recovery, UAs
>>    MUST require that hosts set a Backup Pin. (See Section 2.5.)
>>
>> Unless I misunderstand, this requirement means that if my server
>> doesn't send a backup pin, my server doesn't benefit from key pinning
>> (it's as though I never included the header in the first place).  If
>> that's not true, then Section 2.5 needs to be fixed to make it clear
>> that failure to include a backup pin constitutes a validation failure.
>>
>> If that is true, then you're trading off recovery for security, and I
>> expect the Security ADs to question that.  To head that off, it might
>> be good to acknowledge that here, and perhaps to say a few more words
>> about it.
>
> Correct. We discussed this at length during the drafting of the
> specification, and I'm happy with where we ended up. We are trading
> off availability vs. extra-bonus-strong authentication. For pinning to
> be viable in the topsy-turvy world of the internet, we have to do
> something to help site operators from inadvertantly DoSing themselves.
> The Backup Pin requirement gives us that, and also serves as a way for
> the UA (which knows very little) to make some minimal run-time
> determination of site operator maturity.

OK.  Enough said on this, then -- leave it as it is.

So: I'll wait a couple of hours to give you time to post one more
revision, if you want to make the changes above.  Whether or not you
do, I'll request the last call then.  (Please don't post a revision
after you see the last call requested... we can save the changes for
later, at that point.)

Again, thanks for all the work on this!

Barry

v2.29.0 | Report a Bug | By Email | System Status