[cabfpub] [cabfman] Improving the security of EV Certificates

Ryan Sleevi sleevi at google.com
Wed Dec 18 14:44:16 MST 2013


On Wed, Dec 18, 2013 at 1:39 PM, Eddy Nigg (StartCom Ltd.) <
eddy_nigg at startcom.org> wrote:

>
> On 12/18/2013 11:32 PM, From Ryan Sleevi:
>
>
>
> On Wed, Dec 18, 2013 at 1:23 PM, Eddy Nigg (StartCom Ltd.) <
> eddy_nigg at startcom.org> wrote:
>
>>
>> On 12/18/2013 10:14 PM, From Ryan Sleevi:
>>
>>  > How did you arrive at that sum? Pinning shouldn't really cost
>> anything once the code is in the browsers. I also assume that code changes
>> for CT wouldn't be any cheaper than that.
>>
>> Pinning is NOT just a knob you turn. It carries huge operational risks to
>> realize the preventative guarantees
>>
>>
>> Are we talking about the same thing here?
>>
>
>  Absolutely.
>
>  If you haven't followed the IETF discussions about pinning, I absolutely
> encourage you to do so.
>
>
> Sadly I don't have much time for IETF discussions, but...
>

I can understand the volume of mail can be quite a bit, but I think it
would be very helpful for the discussions to get some familiarity with the
spec and the attendant issues if you do want to suggest it as a viable
alternative to CT.


>
>
>   The pinning draft itself is careful to spell out that there are
> non-trivial risks aplenty with pinning, BUT it can provide *preventative*
> mitigation.
>
>
> WHAT? With pinning I understand to pin a particular certificate to a
> particular host name in the browser. Is this what you are talking about?
>

Yes. And it can be VERY risky, VERY hard to get right, and is a VERY costly
mistake if you get wrong. That said, when the stars are aligned and the
engineers are competent and the moon is shining upon you, it can actively
prevent MITM, rather than just detect.

I'd be happy to discuss more with you, but pinning is absolutely something
that even we at Google (proposers of it and authors of the current spec)
are quick to point out is NOT a general solution for everyone and requires
careful balance to choose whether the (risks of MITM) exceed (risks of
bricking your entire site, with no one to dial up on a batphone to rescue
you).