<div dir="ltr"><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Dec 18, 2013 at 1:23 PM, Eddy Nigg (StartCom Ltd.) <span dir="ltr"><<a href="mailto:eddy_nigg@startcom.org" target="_blank">eddy_nigg@startcom.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<br>
On 12/18/2013 10:14 PM, From Ryan Sleevi:
<blockquote type="cite"><div class="im">
<p dir="ltr">
> How did you arrive at that sum? Pinning shouldn't really
cost anything once the code is in the browsers. I also assume
that code changes for CT wouldn't be any cheaper than that.</p>
</div><p dir="ltr">Pinning is NOT just a nob you turn. It carries huge
operational risks to realize the preventative guarantees</p>
</blockquote>
<br>
Are we talking about the same thing here?</div></blockquote><div><br></div><div>Absolutely.</div><div><br></div><div>If you haven't followed the IETF discussions about pinning, I absolutely encourage you to do so. The pinning draft itself is careful to spell out that there are non-trivial risks aplenty with pinning, BUT it can provide *preventative* mitigation.<br>
</div><div><br></div><div>As Brad states, pinning (and counter-solutions like TACK) introduce a whole new key lifetime / management cycle that many organizations are barely capable of meeting with SSL. However, unlike expired certs and lost keys, there is no CA to call up in the middle of the night to get them to rush a cert out for you - you've bricked your customers for as long as you committed your pins to.<br>
</div><div><br></div><div>That sort of "footgun" behaviour is NOT desired by all sites, many of whom would be happy to make a trade-off for detection rather than prevention.</div><div><br></div><div>Again, pinning (and solutions like pinning, such as TACK) are solving a very different problem set than CT attempts to solve. They just *happen* to overlap in one part of the problem space.</div>
<div><br></div></div></div></div>