> On 30 Nov 2016, at 00:33, Alexander Wuerstlein <[email protected]> wrote: > > Whereas HPKP has the nice new attack surface of "now I've -unbeknownst > to you- got access and secretly fed your users my key. Now I've deleted > it form the box. Pay me or kill your domain".
Interestingly, that attack-vector is there even if you don’t configure HPKP yourself, if you’re compromised to that degree. The argument can also be flipped as a pro-HPKP argument as well; One could easily argue that using HPKP reduces the risk that someone with a rouge certificate for your site successfully serves up a HPKP pin of their own. Keep in mind that having a rouge certificate out there doesn’t mean a CA has to be compromised for example. It could be something as simple as a previous domain owner having bought a 10 year SSL-certificate for the site you now own, or having previously used a shared SSL-infrastructure that later become compromised. Or a disgruntled employee that took off with the keys, a partnership that went bad and there’s a disagreement about owership of the domain, and so on and so forth. Or a MitM-proxy, fooling users with a fake or company-enforced root CA. For all those cases, using HPKP could both help you retain control of the domain and it’s traffic, and also help you avoid your adversary pinning his/her keys instead of yours. Don’t get me wrong, it’s an interesting point, and quite valid in a general discussion about HPKP. I’m just not sure if it’s a very good argument against using HPKP in the context of a practical/applied guide. Terje _______________________________________________ Ach mailing list [email protected] http://lists.cert.at/cgi-bin/mailman/listinfo/ach
