<div dir="ltr"><br><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Dec 18, 2013 at 1:39 PM, Eddy Nigg (StartCom Ltd.) <span dir="ltr"><<a href="mailto:eddy_nigg@startcom.org" target="_blank">eddy_nigg@startcom.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<br>
On 12/18/2013 11:32 PM, From Ryan Sleevi:
<div class="im"><blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Wed, Dec 18, 2013 at 1:23 PM, Eddy
Nigg (StartCom Ltd.) <span dir="ltr"><<a href="mailto:eddy_nigg@startcom.org" target="_blank">eddy_nigg@startcom.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> <br>
On 12/18/2013 10:14 PM, From Ryan Sleevi:
<blockquote type="cite">
<div>
<p dir="ltr"> > How did you arrive at that sum?
Pinning shouldn't really cost anything once the
code is in the browsers. I also assume that code
changes for CT wouldn't be any cheaper than that.</p>
</div>
<p dir="ltr">Pinning is NOT just a knob you turn. It
carries huge operational risks to realize the
preventative guarantees</p>
</blockquote>
<br>
Are we talking about the same thing here?</div>
</blockquote>
<div><br>
</div>
<div>Absolutely.</div>
<div><br>
</div>
<div>If you haven't followed the IETF discussions about
pinning, I absolutely encourage you to do so. </div>
</div>
</div>
</div>
</blockquote>
<br></div>
Sadly I don't have much time for IETF discussions, but...</div></blockquote><div><br></div><div>I can understand the volume of mail can be quite a bit, but I think it would be very helpful for the discussions to get some familiarity with the spec and the attendant issues if you do want to suggest it as a viable alternative to CT.</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div bgcolor="#FFFFFF" text="#000000"><div class="im"><br>
<br>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div>The pinning draft itself is careful to spell out that
there are non-trivial risks aplenty with pinning, BUT it
can provide *preventative* mitigation.<br>
</div>
</div>
</div>
</div>
</blockquote>
<br></div>
WHAT? With pinning I understand to pin a particular certificate to a
particular host name in the browser. Is this what you are talking
about?</div></blockquote><div><br></div><div>Yes. And it can be VERY risky, VERY hard to get right, and is a VERY costly mistake if you get it wrong. That said, when the stars are aligned and the engineers are competent and the moon is shining upon you, it can actively prevent MITM, rather than just detect.<br>
</div><div><br></div><div>I'd be happy to discuss more with you, but pinning is absolutely something that even we at Google (proposers of it and authors of the current spec) are quick to point out is NOT a general solution for everyone and requires careful balance to choose whether the (risks of MITM) exceed (risks of bricking your entire site, with no one to dial up on a batphone to rescue you).</div>
</div></div></div>
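To make the prevent-versus-brick trade-off in the last message concrete, here is an added Python model of HPKP-style pin checking; it is example code written for this page, not from the thread or from any browser's implementation, and the SPKI byte strings it hashes are constructed placeholders standing in for real DER-encoded keys.

```python
"""Model of public key pinning as in the HPKP draft (constructed example).

A pin is base64(SHA-256(SubjectPublicKeyInfo DER)). A connection is accepted
only if at least one SPKI hash in the served chain matches a pinned value, so
a mis-issued certificate is rejected outright (prevention, not detection) but
rotating to an unpinned key rejects the site's own legitimate chain as well.
"""
import base64
import hashlib

# Constructed stand-ins for DER SPKI blobs (real ones are a few hundred bytes).
LEAF_KEY_V1 = b"CONSTRUCTED-SPKI-leaf-key-v1"
LEAF_KEY_V2 = b"CONSTRUCTED-SPKI-leaf-key-v2"          # key used after rotation
INTERMEDIATE_KEY = b"CONSTRUCTED-SPKI-intermediate"
MISISSUED_LEAF_KEY = b"CONSTRUCTED-SPKI-misissued-leaf"  # leaf from a rogue issuance


def spki_pin(spki_der: bytes) -> str:
    """Return the pin form of an SPKI: base64 of its SHA-256 digest."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def chain_is_pinned(chain_spkis, pinned: set) -> bool:
    """Accept iff any SPKI in the chain hashes to a pinned value."""
    return any(spki_pin(s) in pinned for s in chain_spkis)


def site_pins(backup_pin: bool) -> set:
    """Pins a site advertises; the backup is a key held offline, pinned in advance.
    (RFC 7469 later made a backup pin mandatory for exactly this reason.)"""
    pins = {spki_pin(LEAF_KEY_V1)}
    if backup_pin:
        pins.add(spki_pin(LEAF_KEY_V2))
    return pins


def scenario(backup_pin: bool) -> dict:
    """Three checks a browser holding the site's pins would perform."""
    pins = site_pins(backup_pin)
    return {
        # normal chain before any key change
        "before_rotation": chain_is_pinned([LEAF_KEY_V1, INTERMEDIATE_KEY], pins),
        # mis-issued leaf under the same intermediate: blocked, not merely logged
        "misissued_rejected": not chain_is_pinned([MISISSUED_LEAF_KEY, INTERMEDIATE_KEY], pins),
        # legitimate chain after rotating to the new key: only survives with a backup pin
        "after_rotation": chain_is_pinned([LEAF_KEY_V2, INTERMEDIATE_KEY], pins),
    }


if __name__ == "__main__":
    print("with backup pin:   ", scenario(True))
    print("without backup pin:", scenario(False))  # after_rotation False = site bricked
```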