
Re: [W3C Web Security IG] Strews report - phase 2

From: Jeffrey Walton <noloader@gmail.com>
Date: Mon, 18 May 2015 14:29:15 -0400
Message-ID: <CAH8yC8n-WZwJvO=UV2Lo7MObzE7_uH5snOQPgeV_FwJLkgRW5Q@mail.gmail.com>
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>
Cc: "public-web-security@w3.org" <public-web-security@w3.org>, Rigo Wenning <rigo@w3.org>
On Mon, May 18, 2015 at 8:54 AM, GALINDO Virginie
<Virginie.Galindo@gemalto.com> wrote:
> Dear all,
> In case you missed it, the second report of STREWS was delivered last
> week, focusing on the security web architecture (and tools to improve the
> web security).
> It is available here:
> http://www.strews.eu/images/StrewsWebSecurityArchitecture.pdf
> Any question, comment, should be directed to Rigo (CCed).
> Regards,

The section on Transport Layer Security (TLS) (section 2.1.4) is also
very good. It details technologies like Key Pinning.

However, the discussion misses the mark a bit because the
implementation is more correctly called "Key Pinning with Overrides".
The overrides are barely mentioned in the documents I have seen, but
they have a dramatic effect on the TOFU scheme/key continuity
assurances delivered by the overall system.

For example, an adversary can trick a user into installing a rogue CA.
Or a user may be tricked into installing a CA under the guise of
device management (for example, to participate in a BYOD program). The
user clearly does not understand the security implications of such a
decision, or follow-up attacks like middleware/interception proxies
providing a fake certificate and setting the "server authentication"
bit in an end entity certificate when they are *not* really the server.

Effectively, the key pinning scheme will allow the attacker to break a
known good pinset just because the user was phished. Worse, the
standard documents I have seen have error reporting *but* the broken
pinsets are called out as MUST NOT report. So the standard is also
complicit in the cover up.

"Missing the mark a bit" is not that bad. It just means risks are not
clearly enumerated for those who are interested in such things.
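The override behaviour described above, as an added illustration that is not part of the original message or of the STREWS report: a model of HPKP (RFC 7469) pin validation in which the pin check and the failure report are both skipped whenever the chain ends at a user-installed trust anchor. The `Cert` type, the SPKI byte strings and the pinset are constructed for the example.

```python
"""Model of HTTP Public Key Pinning validation with the user-installed anchor override."""
import base64
import hashlib
from dataclasses import dataclass
from typing import List, Set, Tuple


@dataclass
class Cert:
    """Constructed stand-in for an X.509 certificate: only the fields the check needs."""
    name: str
    spki_der: bytes            # SubjectPublicKeyInfo, DER encoded (constructed bytes here)
    user_installed: bool = False  # True only for a locally added trust anchor


def spki_pin(spki_der: bytes) -> str:
    """pin-sha256 value as RFC 7469 defines it: base64(SHA-256(SPKI DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()


def validate(chain: List[Cert], pinset: Set[str]) -> Tuple[bool, bool, bool]:
    """Return (connection_allowed, override_used, report_sent).

    chain[0] is the end-entity certificate and chain[-1] the trust anchor the
    validator chained to. A pinset is the set of pin-sha256 values for the host.
    """
    anchor = chain[-1]
    if anchor.user_installed:
        # Override: the chain terminates at an anchor the user (or a device
        # management profile) installed, so the pinset is not enforced and,
        # as the message above notes, no pin validation failure is reported.
        return True, True, False
    matched = any(spki_pin(cert.spki_der) in pinset for cert in chain)
    # Without the override a mismatch fails the connection and is reportable.
    return matched, False, not matched


if __name__ == "__main__":
    good = Cert("leaf", b"constructed-spki-of-real-server-key")
    pins = {spki_pin(good.spki_der)}
    print(validate([good, Cert("public-root", b"constructed-public-root-spki")], pins))
    rogue = Cert("leaf", b"constructed-spki-of-interception-proxy")
    print(validate([rogue, Cert("public-root", b"constructed-public-root-spki")], pins))
    print(validate([rogue, Cert("local-ca", b"constructed-local-ca-spki", True)], pins))
```

The third call shows the gap the message describes: the same forged leaf that is rejected and reported under a public root is accepted silently once the chain ends at a locally installed CA.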

Received on Monday, 18 May 2015 18:29:43 UTC
