On Mon, September 22, 2014 11:23 am, Chris Palmer wrote:
>  On Sat, Sep 20, 2014 at 1:10 AM, Anne van Kesteren <ann...@annevk.nl>
>  wrote:
> >> ** Could the TACK key be the origin key?
> >
> > Is TACK still going anywhere? The mailing list suggests it's dead.
>
>  But one could imagine it being resuscitated, if it were a way to get a
>  long-lived cryptographic identity for an origin.

I have great respect for those responsible for TACK, and they have been
invaluable in discovering and discussing the limitations of HPKP.

However, as potentially foot-gun as HPKP is, TACK is exponentially larger,
in that (and yes, this is anecdata, but one you can find backed up at most
organizations), key lifecycle management remains the single biggest
challenge for organizations.

TACK's design - especially with an offline key - is one that we know is
dangerous. The same environmental factors that lead to SHA-1 deprecation
being hard (organizations wanting to have long-lived certs, then
forgetting the organizational knowledge necessary to
manage/rotate/re-issue those certs, as one example) contribute to TACK
being a great way to brick things.

That is, the TSK is almost invariably going to get lost, or someone will
forget the password, or the person who creates the TSK will forget to back
it up and format their machine, or any number of things we _routinely_ see
with SSL certs (and precisely why implicit pinning to EE certs is hard).
The only people who will be able to safely deploy TACK are a subset of
those who can safely deploy HPKP.

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
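The thread's concern is that pinning policies are only as safe as the operator's key lifecycle: a pin set whose every key lives in the served chain has no recovery path if those keys are lost. As an added example (not code from the thread or from any HPKP or TACK implementation), the script below computes RFC 7469 pin-sha256 values and checks a Public-Key-Pins header against the chain a server actually serves, flagging the deployment mistakes that turn a pin into a brick: no backup pin outside the chain, fewer than two distinct pins, no pin matching the chain, or a max-age longer than the rotation window. The SPKI byte strings are constructed stand-ins, and the 60-day max-age limit is an assumed operational threshold rather than anything the RFC mandates.

```python
import base64
import hashlib
import re
from typing import List

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs. Real pins are
# computed over the SPKI pulled from the certificates the server actually serves.
SERVED_LEAF_SPKI = b"constructed-leaf-spki-der"
SERVED_INTERMEDIATE_SPKI = b"constructed-intermediate-spki-der"
OFFLINE_BACKUP_SPKI = b"constructed-offline-backup-spki-der"  # key kept offline, in no served cert

# Assumed operational threshold, not from RFC 7469: a policy that outlives the
# operator's rotation cadence is where a lost backup key turns into a bricked site.
MAX_AGE_LIMIT_SECONDS = 60 * 24 * 3600


def pin_sha256(spki_der: bytes) -> str:
    """RFC 7469 pin value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def build_pkp_header(spkis: List[bytes], max_age: int, include_subdomains: bool = False) -> str:
    """Assemble a Public-Key-Pins header from SPKI blobs (helper for the demo)."""
    parts = [f'pin-sha256="{pin_sha256(s)}"' for s in spkis] + [f"max-age={max_age}"]
    if include_subdomains:
        parts.append("includeSubDomains")
    return "; ".join(parts)


def parse_pkp_header(value: str) -> dict:
    """Pull the pin set and directives out of a Public-Key-Pins header value."""
    pins = re.findall(r'pin-sha256="([^"]+)"', value)
    age = re.search(r"max-age=(\d+)", value)
    return {
        "pins": set(pins),  # a repeated pin never counts as a second, distinct pin
        "max_age": int(age.group(1)) if age else None,
        "include_subdomains": "includesubdomains" in value.lower(),
    }


def check_pkp_policy(header: str, served_spkis: List[bytes]) -> List[str]:
    """Return the deployment problems found; an empty list means the policy is sane."""
    policy = parse_pkp_header(header)
    pins = policy["pins"]
    served = {pin_sha256(s) for s in served_spkis}
    problems = []
    if policy["max_age"] is None:
        problems.append("missing max-age directive")
    elif policy["max_age"] > MAX_AGE_LIMIT_SECONDS:
        problems.append(
            f"max-age {policy['max_age']}s exceeds the {MAX_AGE_LIMIT_SECONDS}s rotation window"
        )
    if len(pins) < 2:
        problems.append("fewer than two distinct pins (RFC 7469 requires a backup pin)")
    if not pins & served:
        problems.append("no pin matches the served chain; clients must ignore the header")
    if not pins - served:
        problems.append("every pin is in the served chain; losing those keys leaves no recovery path")
    return problems


if __name__ == "__main__":
    chain = [SERVED_LEAF_SPKI, SERVED_INTERMEDIATE_SPKI]
    good = build_pkp_header([SERVED_LEAF_SPKI, OFFLINE_BACKUP_SPKI], 30 * 24 * 3600)
    print("good policy:", check_pkp_policy(good, chain))
    no_backup = build_pkp_header(chain, 30 * 24 * 3600)
    print("no backup pin:", check_pkp_policy(no_backup, chain))
```

The "every pin is in the served chain" finding is the one that matches the thread's worry: the header looks valid to a browser, yet the moment the served keys are lost there is no pin left that a replacement certificate could satisfy until max-age expires.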
