Re: [websec] draft-ietf-websec-key-pinning

Yoav Nir <ynir.ietf@gmail.com> Wed, 27 August 2014 10:47 UTC

From: Yoav Nir <ynir.ietf@gmail.com>
Date: Wed, 27 Aug 2014 13:46:56 +0300
To: Ryan Sleevi <sleevi@google.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/websec/zYrsOtRncN_pxSPcx9WKX6DuOHM
Cc: draft-ietf-websec-key-pinning@tools.ietf.org, Eric Lawrence <ericlaw1979@hotmail.com>, "<websec@ietf.org>" <websec@ietf.org>
Subject: Re: [websec] draft-ietf-websec-key-pinning

On Aug 27, 2014, at 3:53 AM, Ryan Sleevi <sleevi@google.com> wrote:

> This seems like it would meaningfully necessitate changes to the security and privacy considerations. In these cases, in specs and in code, my feeling is that less is more desirable, and I agree with Joe's remarks about whether or not PKP-RO meets the goals.
> 
> Chairs, can you provide feedback on how to progress with such significant changes based on post-WGLC feedback: either the removal of or the changing definition of PKP-RO.
> 
I thought I did, but to re-iterate: We are past WGLC. More importantly, we are past IETF LC, and in the middle of IESG evaluation.

At this stage, we can make editorial changes, but we cannot make significant changes on our own. We can withdraw the request to publish, and take it back to the working group, but I think that would be inadvisable.

I think we should proceed, making only editorial changes, and changes resulting from discussion with IESG members.

Yoav
(with chair hat on)