Re: [W3C Web Security IG] Strews report - phase 2

On Mon, May 18, 2015 at 8:54 AM, GALINDO Virginie
<Virginie.Galindo@gemalto.com> wrote:
> Dear all,
>
> In case you missed it, the second report of STREWS has been delivered last
> week, focusing on the security web architecture (and tools to improve the
> web security).
>
> It is available here :
> http://www.strews.eu/images/StrewsWebSecurityArchitecture.pdf
>
> Any question, comment, should be directed to Rigo (CCed).
>
> Regards,

The section on Transport Layer Security (TLS) (section 2.1.4) is also
very good. It details technologies like Key Pinning.

However, the discussion misses the mark a bit because the
implementation is more correctly called "Key Pinning with Overrides".
The overrides are barely mentioned in the documents I have seen, but
they have a dramatic effect on the TOFU scheme/key continuity
assurances delivered by the overall system.

For example, an adversary can trick a user into installing a rogue CA.
Or a user may be tricked into installing a CA under the guise of
device management (for example, to participate in a BYOD program). The
user clearly does not understand the security implications of such a
decision, or follow up attacks like middleware/interception proxies
providing a fake certificate and setting the "server authentication"
bit in a end entity certificate when they are *not* really the server.

Effectively, the key pinning scheme will allow the attacker to break a
known good pinset just because the user was phished. Worse, the
standard documents I have seen have error reporting *but* the broken
pinsets are called out as MUST NOT report. So the standard is also
complicit in the cover up.

"Missing the mark a bit" is not that bad. It just means risks are not
clearly enumerated for those who are interested in such things.

Jeff

Received on Monday, 18 May 2015 18:29:43 UTC