[cabfpub] Public key pinning (Was: Notes of meeting)

Adam Langley agl at google.com
Thu Jul 12 11:40:17 UTC 2012


On Thu, Jul 12, 2012 at 5:09 AM, Gervase Markham <gerv at mozilla.org> wrote:
> Is path-building really non-deterministic?
>
> There can be multiple routes, but my (perhaps naive) understanding is
> that multiple paths doesn't happen in the common website-on-the-internet
> case, at least not for end-entity certs or the intermediates directly
> above them. But perhaps someone can tell me I'm wrong.

It can be pretty complex I'm afraid which is why we pin to public keys
and not certificates.

Imagine root certificate C which was originally issued with a SHA1
self-signature and, in more recent root stores, they replaced it with
a SHA256 version. Different clients will then get different chains
(although the public keys are invariant). The same issue happens if a
certificate is promoted to the root store when previously it was
cross-signed: here even the public keys differ because the list is
truncated.

I've worked with the sites that we've pinned so far in Chrome to avoid
these issues, but a self-service scheme like TACK or the headers
option does allow people to screw things up.

Although, given the limited uptake of HSTS, maybe it won't be a big problem :)


Cheers

AGL



More information about the Public mailing list