Comments on Monica at Mozilla: Firefox 32 supports Public Key Pinning
Blog author: Monica (https://www.blogger.com/profile/12258842422801876253)
Comment feed, 25 comments, newest first. Feed last updated 2023-04-05 02:31 (-07:00).

Monica, 2015-05-21 13:38 (-07:00):
Thank you Hanxue, not sure why that happened but I re-uploaded it.

Hanxue (https://www.blogger.com/profile/14117444242661786533), 2015-05-06 21:06 (-07:00):
Hey, thanks for the informative and straightforward article on public key pinning.

The last picture in the Wi-Fi scenario does not load for me, with an ACL error.

Monica, 2014-09-04 12:01 (-07:00):
Another way to look at it is that enterprise users are about 1% of the total user base, and that changing the default makes the other 99% safer at the expense of administration time for enterprise. I imagine that enterprise sysadmins change many other settings in Firefox.

Anonymous, 2014-09-04 10:45 (-07:00):
Monica, that is a horrible plan. Corporate-sanctioned SSL proxy customers are not going to love having to change the default behavior in all their web browsers.

Monica, 2014-08-31 08:45 (-07:00):
Anonymous, from https://wiki.mozilla.org/SecurityEngineering/Public_Key_Pinning#How_to_use_pinning you can change security.cert_pinning.enforcement_level to 2. This will disallow user-installed trust anchors (or corporate-installed ones) from being able to MitM connections. We may make this the default setting in FF 35.

Anonymous, 2014-08-30 00:15 (-07:00):
My corporation has installed an internal SSL certificate in all browsers and then uses it to encrypt the connection and traffic to the corporate web proxy. The corporate web proxy falsifies the certificate information to look like the traffic is coming from Google, so the certificate and URL match.

I am told there is not much Firefox can do at this point because the web proxy is applying a basic man-in-the-middle attack on the SSL connections using a pre-authorized imported certificate.

Will "pinning" help detect this and at least give a warning (e.g. a red, but locked, padlock) to indicate the connection is encrypted but using an imported, not recognized, certificate?

Anonymous, 2014-08-29 17:50 (-07:00):
Bummer. I should have RTFM:

    How to use pinning

    Starting with FF 32, it's on by default, so you don't have to do anything. The pinning level is enforced by a pref, security.cert_pinning.enforcement_level:

    0. Pinning disabled
    1. Allow User MITM (pinning not enforced if the trust anchor is a user-inserted CA, default)
    2. Strict. Pinning is always enforced.
    3. Enforce test mode.

So no worries. Mozilla is obviously smarter than me. Although malware installing its own cert was being done last decade, this is a very good compromise.

Anonymous, 2014-08-29 17:42 (-07:00):
That was my precise question as well. That could force us away from Firefox if it interferes with the user experience. Much of the malware is coming in via legitimate but compromised sites, and we're seeing a few legit compromised HTTPS sites a week now. Hopefully there is a way to disable this via Group Policy for corporate environments if it is going to cause user experience issues. You don't really have an option to use anything but a self-signed certificate.

I think it's in 2016 when public CAs are forbidden from issuing certs for internal-only domains and they have to revoke any that they issued.

Anonymous, 2014-08-29 12:45 (-07:00):
Yes, it's a self-signed cert.

Anonymous, 2014-08-29 05:03 (-07:00):
How does this key pinning work with MITM done in many companies, where a (usually self-signed) proxy CA is deployed to the clients' browsers to trust the certificates created with that CA? Will any Firefox user behind a corporate HTTPS proxy now see those warnings, or are manually added CA certificates handled by FF the same way as before?

Anonymous, 2014-08-29 03:49 (-07:00):
I would strongly be in favor of DANE too.

Certificate pinning that doesn't integrate with DNSSEC is very much a dead-end solution IMO.

Monica, 2014-08-28 09:20 (-07:00):
Thanks Julian, fixed.

Julian Reschke, 2014-08-28 09:17 (-07:00):
You may want to link to draft-ietf-websec-key-pinning-20 instead of draft-ietf-websec-key-pinning-12...

Monica, 2014-08-28 09:03 (-07:00):
Hi Dennis, I assume you're talking about HPKP. I think the idea is that if the first time you connect to the site the PKP header has *not* been rewritten, then subsequent attacks to rewrite the PKP header will fail because the user agent will remember the correct set of pins from the first clean load.

Anonymous (https://www.blogger.com/profile/02290335354885293728), 2014-08-27 20:36 (-07:00):
Interesting idea, but how could it prevent man-in-the-middle attacks and rewriting of the Public-Key-Pins header?

Monica, 2014-08-27 09:18 (-07:00):
That's an interesting question. Some sites have dozens of pins. I don't know that they could embrace HPKP without being able to reduce that to just a few.

That kind of operational work can be very time-consuming, so I doubt that we would scrap built-in pins immediately unless everyone we were currently pinning could immediately switch over to HPKP.

Monica, 2014-08-27 09:16 (-07:00):
Without knowing too much about DANE or HPKP, I tend to agree with you. It seems silly to bloat every HTTP response with a pin list, plus it avoids the clean load problem.

That being said, I think that built-in pins for high-traffic sites are a fine intermediate solution.

ferongr, 2014-08-27 04:42 (-07:00):
The problem as I see it is that many devices (like my Samsung Galaxy) navigate to Google during the captive portal login.

Seeing an error instead of the captive portal will really confuse users.

Anonymous, 2014-08-27 04:29 (-07:00):
Captive portals break standards compliance, so if there are issues visiting them, it's the portals that need to be fixed.

Anonymous, 2014-08-27 02:52 (-07:00):
Will the stock pin list be scrapped once the HTTP extension is fully implemented?

Anonymous (https://www.blogger.com/profile/10130136796260111509), 2014-08-27 00:25 (-07:00):
Wouldn't it be feasible to check DANE/DNSSEC records for domain names supporting them? This would be a more global (and standard) solution for this problem.

Monica, 2014-08-26 22:02 (-07:00):
It means that the first time you visit the site, no one is trying to MiTM the connection.

Monica, 2014-08-26 22:01 (-07:00):
Yes, the paragraph above about transient errors is mostly about captive portals.

The person needs to finish signing into the Wi-Fi before visiting a pinned site.

voracity (https://www.blogger.com/profile/03471083431826382069), 2014-08-26 20:56 (-07:00):
On the wiki page (in the last section), it says '[dynamic pinsets] relies on "clean load" in order to provide a similar level of assurance as built-in pins'. What does "clean load" mean?

ferongr, 2014-08-26 19:58 (-07:00):
When a captive portal is detected, many Android devices (like my Samsung) open the preferred browser (I think the one that the user has selected in the intent dialog) and navigate to Google. DNS poisoning happens and the user is redirected to the login page. What happens with pinned certificates for Google in this case? Will an error show up? If yes, does the user have to know and try to navigate to a website without a pinned cert?