[websec] Consensus call: Issue #57 (max-max-age)

Yoav Nir <ynir@checkpoint.com> Tue, 07 May 2013 07:13 UTC

From: Yoav Nir <ynir@checkpoint.com>
To: IETF WebSec WG <websec@ietf.org>
Date: Tue, 07 May 2013 07:13:28 +0000

Hi folks

We think it's time to move on with Key Pinning, as there haven't been substantial issues raised in months.  The one outstanding contentious issue is the one in the subject: http://trac.tools.ietf.org/wg/websec/trac/ticket/57

We've heard the argument that allowing pins to exist for indefinitely long can cause a site to be bricked for that period because of simple mistakes like changing certificate vendor or changing ownership of the domain name.

We've also heard the counter-argument that some domains are visited infrequently, so short pins would do nothing for them.

So here are some options. Please reply to this thread with your preference. Arguments are good, but "+1" works as well. So…

How should we handle the max-max-age issue:
 (1) No hard limits, but allow UAs to limit the pin time. Suggest a month
 (2) Set a hard limit of one month in the RFC. Longer pins are truncated.
 (3) No hard limits, but allow the UA to skip hard-fail if a pin hasn't been observed for some time (like a month)
 (4) Adopt some gradual confidence-building scheme a-la-TACK.

"None of the above" is possible, but MUST come with argument and proposed text.

Let's give this until Wednesday, 22-May.

Thanks

Tobias & Yoav
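
The trade-off between options (1) to (3) above, as an added example that is not part of the original mail or of the Key Pinning draft: it models the decision a UA takes for a host that declared a one-year pin and then presents a chain that no longer matches it. The function names, the result labels and the reading of "a month" as 30 days are assumptions; option (4) is not modelled.

```python
from datetime import datetime, timedelta, timezone

MONTH = timedelta(days=30)  # assumption: the mail's "a month" taken as 30 days

def evaluate(option, max_age, last_observed, now, chain_matches_pin, ua_limit=MONTH):
    """UA decision for one connection to a host with a stored pin.

    option: 1, 2 or 3 as numbered in the mail.
    last_observed: when the UA last received the pinning header from the host.
    ua_limit: option 1 only, the UA's own cap on pin lifetime (None = no cap).
    Returns 'no-pin' (pin expired), 'ok', 'hard-fail' or 'skip-hard-fail'.
    """
    if option == 1:    # no hard limit in the RFC, the UA may choose one
        lifetime = max_age if ua_limit is None else min(max_age, ua_limit)
    elif option == 2:  # hard limit in the RFC, longer pins are truncated
        lifetime = min(max_age, MONTH)
    elif option == 3:  # no limit on lifetime, staleness checked below
        lifetime = max_age
    else:
        raise ValueError("only options 1-3 are modelled")

    age = now - last_observed
    if age > lifetime:
        return "no-pin"          # pin has expired, nothing to enforce
    if chain_matches_pin:
        return "ok"
    if option == 3 and age > MONTH:
        return "skip-hard-fail"  # pin kept, but too stale to enforce strictly
    return "hard-fail"

def compare(days_since_observed, chain_matches_pin=False, max_age=timedelta(days=365)):
    """Run every option for a visitor who last saw the header N days ago."""
    t0 = datetime(2013, 5, 7, tzinfo=timezone.utc)  # constructed sample date
    now = t0 + timedelta(days=days_since_observed)
    return {
        "1-month-limit": evaluate(1, max_age, t0, now, chain_matches_pin),
        "1-no-limit": evaluate(1, max_age, t0, now, chain_matches_pin, ua_limit=None),
        "2": evaluate(2, max_age, t0, now, chain_matches_pin),
        "3": evaluate(3, max_age, t0, now, chain_matches_pin),
    }

if __name__ == "__main__":
    for days in (10, 90):
        print(days, "days since last visit, chain mismatch:", compare(days))
```

The UA cannot tell a changed certificate vendor from a substituted certificate: both are a mismatch, so the outcome that un-bricks the site at 90 days is the same outcome that leaves an infrequent visitor without pin protection.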