Re: [websec] WGLC for draft-ietf-websec-key-pinning-10
Tom Ritter <tom@ritter.vg> Fri, 07 February 2014 13:13 UTC
In-Reply-To: <64C19E86-86C8-4817-A01B-F9F726096A6C@checkpoint.com>
References: <20140206190106.28263.74604.idtracker@ietfa.amsl.com> <64C19E86-86C8-4817-A01B-F9F726096A6C@checkpoint.com>
From: Tom Ritter <tom@ritter.vg>
Date: Fri, 07 Feb 2014 08:12:56 -0500
Message-ID: <CA+cU71m8tDmKnJw96FBTOxNymZRvAgSCWkTV-PnVxT7kDFFe4w@mail.gmail.com>
To: Yoav Nir <ynir@checkpoint.com>
Content-Type: text/plain; charset="ISO-8859-1"
Cc: IETF WebSec WG <websec@ietf.org>
Subject: Re: [websec] WGLC for draft-ietf-websec-key-pinning-10
"5. If a PKP header field contains any directive(s) the UA does not
recognize, the UA MUST ignore the those directives."

Typo.

--------

"If a Host sets both the Public-Key-Pins header and the
Public-Key-Pins-Report-Only header, the UA MUST NOT enforce Pin
Validation, and MUST note only the pins and directives given in the
Public-Key-Pins-Report-Only header."

I thought we were following the CSP model, where you can enforce one
policy, but test a second.

--------

  Figure 3 shows some example response header fields using the pins
  extension (folded for clarity).

    "d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM="
    "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="

    Public-Key-Pins: max-age=3000;
        pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM=";
        pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=";

I think some base64 got added accidentally at the top.

--------

"UAs MUST NOT heed http-equiv="Public-Key-Pins" attribute settings on
<meta> elements [W3C.REC-html401-19991224] in received content."

It might be pedantic, but perhaps 'or
http-equiv="Public-Key-Pins-Report-Only"'?

--------

  UAs MUST recognize and "sha256".

Typo.

--------

'Pins' vs 'pins'

Pedantry, but the noun pins is inconsistently capitalized through the
document.

--------

Reporting Pin Validation Failure

The JSON report omits directives (such as max-age and includeSubDomains)
that are likely to be relevant. It also omits superfluous certificates
included in the chain that can be relevant. (In certificate validation
testing, it's common to bypass it by including a superfluous chain that
triggers a logic error. This would help diagnose these types of attacks.)

--------

"The known-pins are the Pins that the UA has noted for the Known Pinned
Host. They are provided as an array of strings with the syntax:

    known-pin = token "=" quoted-string

    Figure 6: Known Pin Syntax"

I think this needs clarification (or fixing). 'Array of strings' +
token=quoted-string. ["pin-sha256="base64==""] obviously doesn't work.

An example JSON post would be cool.

--------

    Public-Key-Pins: pin-sha256="ABC..."; pin-sha256="DEF..."; includeSubDomains

    Figure 7: example.com Valid Pinning Header

To make it 'valid' should it include max-age=123...?

--------

"Here are two attack scenarios."

You actually list four. (Two of which have empty top-level bullets.)

--------

IANA Considerations

This omits Public-Key-Pins-Report-Only

-tom
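The following is an added illustration, not part of Tom's message or of the draft text: a small Python model of the pieces the review touches. It parses a Public-Key-Pins header while ignoring unrecognized directives (the draft's rule 5), performs a pin check against a served chain, and, on failure, builds a JSON report body in which each known-pins element is a `token="quoted-string"` string (one reading of Figure 6) and the max-age and includeSubDomains directives are carried along, as the message says the report should. The directive set, the report field names, and the SPKI byte strings are constructed for this example and are not taken from the draft; the two pin values are the ones shown in the message's Figure 3 quote.

```python
import base64
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample header: the two pins quoted from Figure 3 in the message,
# plus an unknown directive ("foo-bar") and a trailing ';' to exercise the parser.
SAMPLE_HEADER = (
    'max-age=3000; '
    'pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM="; '
    'pin-sha256="E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g="; '
    'includeSubDomains; foo-bar=1;'
)

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs. A real UA
# would extract these from the certificates in the served chain.
SAMPLE_CHAIN_SPKI = [b"constructed-leaf-spki", b"constructed-intermediate-spki"]


def is_sha256_b64(value):
    """A pin-sha256 value must be base64 text that decodes to exactly 32 bytes."""
    try:
        return len(base64.b64decode(value, validate=True)) == 32
    except ValueError:  # binascii.Error is a ValueError subclass
        return False


def parse_pkp_header(value):
    """Parse a Public-Key-Pins header value into a policy dict.

    Directives this (hypothetical) UA does not recognize are recorded under
    "ignored" and otherwise have no effect, which is what the draft's rule 5
    asks for; malformed pin values are dropped rather than noted.
    """
    policy = {"pins": [], "max_age": None, "include_subdomains": False,
              "report_uri": None, "ignored": []}
    for raw in value.split(";"):
        directive = raw.strip()
        if not directive:
            continue  # tolerate the trailing ';' seen in the Figure 3 example
        name, has_value, val = directive.partition("=")
        name = name.strip().lower()
        val = val.strip().strip('"') if has_value else None
        if name == "pin-sha256":
            if val is not None and is_sha256_b64(val):
                policy["pins"].append(val)
        elif name == "max-age":
            if val is not None and val.isdigit():
                policy["max_age"] = int(val)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "report-uri":
            policy["report_uri"] = val
        else:
            policy["ignored"].append(name)
    return policy


def spki_pin(spki_der):
    """pin-sha256 value: base64 of the SHA-256 digest over the SPKI DER bytes."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def pin_validation_passes(policy, chain_spki_ders):
    """Pin Validation succeeds if any SPKI in the served chain matches a noted pin."""
    noted = set(policy["pins"])
    return any(spki_pin(der) in noted for der in chain_spki_ders)


def build_failure_report(hostname, port, policy, chain_spki_ders, now):
    """Hypothetical JSON report body for a Pin Validation failure.

    known-pins follows one reading of Figure 6: each array element is the
    string  token "=" quoted-string  (the inner quotes get escaped by JSON).
    max-age, includeSubDomains and the whole served chain are included, as
    the message suggests. The field names are this example's own, not the
    draft's.
    """
    return {
        "date-time": now.isoformat(),
        "hostname": hostname,
        "port": port,
        "max-age": policy["max_age"],
        "include-subdomains": policy["include_subdomains"],
        "served-spki-chain": [base64.b64encode(d).decode("ascii")
                              for d in chain_spki_ders],
        "known-pins": ['pin-sha256="%s"' % pin for pin in policy["pins"]],
    }


def demo():
    """Run the sample header against the constructed chain; return the outcome."""
    policy = parse_pkp_header(SAMPLE_HEADER)
    passed = pin_validation_passes(policy, SAMPLE_CHAIN_SPKI)
    report = None
    if not passed:
        report = build_failure_report(
            "example.com", 443, policy, SAMPLE_CHAIN_SPKI,
            datetime(2014, 2, 7, 13, 13, 17, tzinfo=timezone.utc))
    return policy, passed, report


if __name__ == "__main__":
    policy, passed, report = demo()
    print("ignored directives:", policy["ignored"])
    print("pin validation passed:", passed)
    print(json.dumps(report, indent=2))
```

Running the script shows the constructed chain failing against the Figure 3 pins and the resulting report, with each known-pins entry serialized as `"pin-sha256=\"...\""`; that escaped form is exactly the ambiguity the message raises about "array of strings" plus `token "=" quoted-string`.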