[cabfpub] Public key pinning (Was: Notes of meeting)

Gervase Markham gerv at mozilla.org
Thu Jul 12 09:09:39 UTC 2012


On 11/07/12 23:45, Chris Palmer wrote:
> Right — but, how can we be sure that enough people who lose control of
> their primary key won't also lose control of their backup key at the
> same time? They were probably both on the same USB drive that got put
> in the washing machine. :)

You can't. People will always be able to shoot themselves in the foot if
they try hard enough.

What this does avoid is the existence of the following web page:

"Protect your website from Iranian hackers!
<instructions on taking fingerprint of existing certificate>
<instructions on adding pinning header>"

Many sites don't _have_ two certificates. If you need two in order to
pin, it makes it clear that this is not a technology to be adopted
without thought. And I think that's actually a good thing.

Alternatively, I guess, you could permit only one pin if the pin were
not for the end entity cert. But permitting single pins for EE certs is
a footgun IMO.

> But pinning has some other problems that Ryan Sleevi brought to my
> attention: building a path from EE to root is "entertaining", in that
> there can be more than one valid path. What if the pinned key is in a
> certificate that is only sometimes in the path that clients build, or
> always in the path that some clients build and never in the path that
> other clients build? The result is false failure in the pin validation
> process, with bonus non-determinism to make debugging fun.

Is path-building really non-deterministic?

There can be multiple routes, but my (perhaps naive) understanding is
that multiple paths don't happen in the common website-on-the-internet
case, at least not for end-entity certs or the intermediates directly
above them. But perhaps someone can tell me I'm wrong.

> One way to work around this is to pin to all the known keys that get
> you from your EE to your chosen root(s), but it's probably going to be
> hard for J. Random Site Operator to know that whole set. They might
> learn it in the school of hard knocks. Or maybe CAs can say, "If you'd
> like to pin to us, now that you've bought a cert from us, here's our
> official set of pins" or something.

Sounds like a plan.

Gerv
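The three ideas argued over in this thread, the backup-pin requirement, the false failure when a pinned key sits on only one of two valid paths, and the CA-supplied "official set of pins" workaround, can be shown with a small pin validator. The following Python is an added illustration, not code from the list or from any browser; it uses constructed placeholder byte strings in place of real DER-encoded SubjectPublicKeyInfo blobs, and the two client chains (one client trusting root1 directly, one reaching root1 only through a cross-certificate issued by root2) are an assumed scenario, not a real CA hierarchy.

```python
import base64
import hashlib

# Constructed placeholder byte strings standing in for DER-encoded SubjectPublicKeyInfo
# blobs. Real pins hash the actual DER bytes of the key; these labels only give the
# demo distinct, stable inputs.
SPKI = {
    "ee": b"CONSTRUCTED-SPKI:end-entity",
    "ee_backup": b"CONSTRUCTED-SPKI:end-entity-backup",
    "intermediate": b"CONSTRUCTED-SPKI:intermediate",
    "root1": b"CONSTRUCTED-SPKI:root1",
    "root2": b"CONSTRUCTED-SPKI:root2",
}

# Assumed scenario: two valid paths for the same leaf. Client A trusts root1 directly and
# stops there. Client B lacks root1 in its store and walks through a cross-certificate
# for root1's key issued by root2; that path carries root1's key (inside the cross-cert)
# and root2's key, which client A never sees.
CLIENT_A_CHAIN = [SPKI["ee"], SPKI["intermediate"], SPKI["root1"]]
CLIENT_B_CHAIN = [SPKI["ee"], SPKI["intermediate"], SPKI["root1"], SPKI["root2"]]


def spki_pin(spki: bytes) -> str:
    """Pin value in HPKP form: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki).digest()).decode("ascii")


def chain_matches(chain, pins) -> bool:
    """Pin validation: at least one pinned hash must match some key in the built path."""
    chain_pins = {spki_pin(k) for k in chain}
    return any(p in chain_pins for p in pins)


def has_backup_pin(chain, pins) -> bool:
    """The 'two keys' rule: the policy must carry a pin matching nothing in the current
    path, so a lost key can be replaced without locking out returning clients."""
    chain_pins = {spki_pin(k) for k in chain}
    return any(p not in chain_pins for p in pins)


def accept_pin_header(chain, pins) -> bool:
    """Client decision to *store* a pin set: valid for this chain and carries a backup."""
    return chain_matches(chain, pins) and has_backup_pin(chain, pins)


def ca_pin_set(*keys) -> list:
    """The 'official set of pins' idea: every key a chain from this CA may pass through."""
    return [spki_pin(k) for k in keys]


def demo() -> dict:
    """Run the thread's scenarios and return each outcome by name."""
    results = {}
    # 1. Pin only the leaf: validates, but has no backup, so the client refuses to store it.
    results["leaf_only_stored"] = accept_pin_header(CLIENT_A_CHAIN, [spki_pin(SPKI["ee"])])
    # 2. Leaf plus an offline backup key: accepted.
    results["leaf_plus_backup_stored"] = accept_pin_header(
        CLIENT_A_CHAIN, ca_pin_set(SPKI["ee"], SPKI["ee_backup"]))
    # 3. Pin root2 only: passes on client B, false failure on client A.
    root2_only = [spki_pin(SPKI["root2"])]
    results["root2_pin_client_a"] = chain_matches(CLIENT_A_CHAIN, root2_only)
    results["root2_pin_client_b"] = chain_matches(CLIENT_B_CHAIN, root2_only)
    # 4. Pin every key on every path the CA knows about: both clients pass.
    full = ca_pin_set(SPKI["intermediate"], SPKI["root1"], SPKI["root2"])
    results["full_set_client_a"] = chain_matches(CLIENT_A_CHAIN, full)
    results["full_set_client_b"] = chain_matches(CLIENT_B_CHAIN, full)
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

Scenario 3 is the non-determinism Chris describes: the same site, the same header, and a pass or a fail depending on which path the client happened to build. Scenario 4 is the "pin to the whole set" workaround; note that it only helps if the operator (or the CA) actually knows every key on every path, which is the hard part of the thread's last quoted paragraph.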
