IETF Logo Mail Archive

Re: [websec] Decouple HSTS's two orthogonal effects?

Adam Barth <ietf@adambarth.com> Tue, 29 March 2011 20:57 UTC

Return-Path: <ietf@adambarth.com>
X-Original-To: websec@core3.amsl.com
Delivered-To: websec@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 1A8173A6A2E for <websec@core3.amsl.com>; Tue, 29 Mar 2011 13:57:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.794
X-Spam-Level:
X-Spam-Status: No, score=-2.794 tagged_above=-999 required=5 tests=[AWL=0.183, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 71pyiSI50lfu for <websec@core3.amsl.com>; Tue, 29 Mar 2011 13:57:01 -0700 (PDT)
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) by core3.amsl.com (Postfix) with ESMTP id BFDB13A68FF for <websec@ietf.org>; Tue, 29 Mar 2011 13:57:01 -0700 (PDT)
Received: by qwg5 with SMTP id 5so472315qwg.31 for <websec@ietf.org>; Tue, 29 Mar 2011 13:58:39 -0700 (PDT)
Received: by 10.229.69.213 with SMTP id a21mr287419qcj.222.1301432319747; Tue, 29 Mar 2011 13:58:39 -0700 (PDT)
Received: from mail-qw0-f44.google.com (mail-qw0-f44.google.com [209.85.216.44]) by mx.google.com with ESMTPS id l17sm3682477qck.32.2011.03.29.13.58.38 (version=SSLv3 cipher=OTHER); Tue, 29 Mar 2011 13:58:38 -0700 (PDT)
Received: by qwg5 with SMTP id 5so472292qwg.31 for <websec@ietf.org>; Tue, 29 Mar 2011 13:58:38 -0700 (PDT)
Received: by 10.224.140.6 with SMTP id g6mr381950qau.14.1301432318074; Tue, 29 Mar 2011 13:58:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.224.89.83 with HTTP; Tue, 29 Mar 2011 13:58:08 -0700 (PDT)
In-Reply-To: <4D92317B.6020804@fifthhorseman.net>
References: <4D92317B.6020804@fifthhorseman.net>
From: Adam Barth <ietf@adambarth.com>
Date: Tue, 29 Mar 2011 13:58:08 -0700
Message-ID: <BANLkTinGEt42DM1NqbrjOfdqTqLUjnQ5KQ@mail.gmail.com>
To: websec@ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: Re: [websec] Decouple HSTS's two orthogonal effects?
X-BeenThere: websec@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Web Application Security Minus Authentication and Transport <websec.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/websec>
List-Post: <mailto:websec@ietf.org>
List-Help: <mailto:websec-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/websec>, <mailto:websec-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Mar 2011 20:57:03 -0000

There's no coupling between HSTS and the particular algorithm a UA
uses to verify certificates.  The UA is free to use whatever
verification mechanism it desires.  You can remove whatever CAs you
consider sloppy from the list of trusted certificate authorities and
add in whatever other verification mechanism you like.

For example, if/when certificate verification through DNSSEC becomes
widespread, we won't need to change anything about the HSTS spec.  Of
course, we'll need to change our implementations, but that's true
regardless of what the HSTS spec says.

Adam


On Tue, Mar 29, 2011 at 12:22 PM, Daniel Kahn Gillmor
<dkg@fifthhorseman.net> wrote:
> (sorry for breaking the thread -- i'm only recently subscribed, and i
> don't see a way to extract the message-id from the archives:
> https://www.ietf.org/mail-archive/web/websec/current/msg00282.html
> so i can't add a References: header)
>
> FWIW, the coupling of the two orthogonal requirements for HSTS has the
> effect of further entrenching the current (broken) CA model by making it
> more difficult for alternate certificate verification models (e.g. TOFU,
> corroborative certification, etc) to work with HSTS-enabled sites.
>
> For example, the monkeysphere project (i'm a contributor to it) is now
> seeing difficulty providing alternate certificate verification on
> HSTS-enabled sites:
>
>  https://labs.riseup.net/code/issues/2852
>
> As a monkeysphere developer, as someone interested in security on the
> 'net, and as someone critical of the social/economic dynamics of the
> current CA cartel, i think that the tight coupling of the two orthogonal
> effects within HSTS has an overall negative effect.
>
> Concretely, it makes it *more* difficult for security-conscious users to
> remove known-sloppy CAs from their trusted-root lists, whether they
> choose to rely on a TOFU approach, Perspectives-style notaries,
> corroborative certification via OpenPGP, etc.
>
> HSTS can do a lot of good just by fixing the trivial protocol-downgrade
> (HTTPS->HTTP, e.g. sslstrip, cookie-stealing via spoofed plaintext img
> src, etc) attack for sites that indicate it.
>
> By forcing websites to also buy into (and thereby support) the CA
> cartel, we're asking site operators to decide on a tradeoff between (a)
> losing protection against protocol downgrade and (b) encouraging their
> users to rely on a known-insecure cartel.
>
> I think this is a poor tradeoff, and would like to see these choices
> de-coupled.
>
> If there is no consensus about de-coupling the effects in HSTS directly,
> I'd like to propose an additional STS directive:
>
> ; defined STS directives
> STS-d-cur  = maxAge / includeSubDomains
>
> would become
>
> ; defined STS directives
> STS-d-cur  = maxAge / includeSubDomains / alternateCertModels
>
> The presence of the alternateCertModels directive would allow User
> Agents to validate the certificate via other means than the traditional
> (vulnerable) X.509 chaining to the
> weakest-link-of-the-huge-pile-of-root-CAs (e.g. via existing user-driven
> certificate exceptions or browser extensions relying on the same mechanism).
>
> Any thoughts?
>
>
>        --dkg
>
>
> _______________________________________________
> websec mailing list
> websec@ietf.org
> https://www.ietf.org/mailman/listinfo/websec
>
>

v2.23.0 | Report a Bug | By Email