ACTION-438: saved TLS state and pinning

Looking through 5.5.1 [1] again to discharge my action about pinning
and historical TLS information...  The more I think about this text,
the more I think that the current four bullet points only really
make sense in situations in which user agents are capable of
recording whether they've seen a site before, and whether they've
seen a validated certificate from that site.

I propose that we therefore split into the two cases, and say
something like this:

>>>

When, for a TLS-protected HTTP connection, the certificate chain
presented by the server does not lead to a trusted root certificate,
and the certificate chain presented was not pinned to the
destination at hand, the following applies to user agents that are
capable of storing the state of certificates that were previously
encountered:

 -- four numbered bullets as they currently apply --

For user agents that are not capable of storing the state of
certificates that were previously encountered, the following applies:

  1. Error signalling of class warning or above MUST be used to
  signal the error condition.
  
  2. User agents MAY offer the possibility to pin the newly
  encountered certificate to the destination at hand. Note that this
  newly pinned certificate could be the basis for a spoofing attack,
  or it could represent a refresh of a Self Signed Certificate.

User agents SHOULD store the state of certificates that were
previously encountered (specifically, whether or not a site
previously presented a validated certificate).  Historical TLS
information stored for the purposes of evaluating security relevant
changes of behavior MAY be expunged from the user agent on the same
schedule as other browsing history information. Historical TLS
information MUST NOT be expunged prior to other browsing history
information. For purposes of this requirement, browsing history
information includes visit logs, bookmarks, and information stored
in a user agent cache.

 -- continue with current text --

<<<


(ISSUE-169 and ACTION-438)

1. http://www.w3.org/2006/WSC/drafts/rec/rewrite.html#sec-tlserrors
-- 
Thomas Roessler, W3C  <tlr@w3.org>

Received on Wednesday, 14 May 2008 07:41:29 UTC
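Added example (editor's code, not part of the message or of the WSC draft): a small model of the proposed text for an untrusted, unpinned chain, plus the retention invariant on historical TLS information. The four existing bullets for state-keeping agents are not reproduced in the message, so the untrusted-chain path here follows the text given for agents without stored state; the error-class ordering, the fingerprint values and the epoch timestamps are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import IntEnum


class ErrorClass(IntEnum):
    """Signalling classes, ordered so that 'warning or above' is a >= test (assumed)."""
    NONE = 0
    WARNING = 1
    DANGER = 2


@dataclass
class PinningUserAgent:
    pins: dict = field(default_factory=dict)              # host -> pinned cert fingerprint
    browsing_history: dict = field(default_factory=dict)  # host -> last visit (epoch seconds)
    tls_history: dict = field(default_factory=dict)       # host -> (epoch seconds, validated?)
    browsing_cutoff: float = 0.0                          # visits older than this are expunged

    def check_connection(self, host, fingerprint, chain_trusted, now):
        """Return (minimum error class to signal, whether a pin offer is permitted)."""
        self.browsing_history[host] = now                 # visit log
        self.tls_history[host] = (now, chain_trusted)     # historical TLS information
        if chain_trusted or self.pins.get(host) == fingerprint:
            return ErrorClass.NONE, False
        # Chain neither trusted nor pinned: signal warning or above; pinning MAY be offered.
        return ErrorClass.WARNING, True

    def pin(self, host, fingerprint):
        # Pinning an unvalidated chain: could be a spoof or a refreshed self-signed cert,
        # so the caller should only reach this after the user accepted the offer.
        self.pins[host] = fingerprint

    def expunge_browsing_history(self, before):
        self.browsing_history = {h: t for h, t in self.browsing_history.items() if t >= before}
        self.browsing_cutoff = max(self.browsing_cutoff, before)

    def expunge_tls_history(self, before):
        # MUST NOT expunge historical TLS information prior to other browsing history.
        if before > self.browsing_cutoff:
            raise ValueError("TLS history may not be expunged ahead of browsing history")
        self.tls_history = {h: v for h, v in self.tls_history.items() if v[0] >= before}
```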