Feature #9026

Deploy HPKP

Added by sajolida 2015-03-06 19:31:56. Updated 2019-04-27 14:18:31.

Status: Rejected
Priority: Normal
Assignee:
Category: Infrastructure
Target version:
Start date: 2015-03-06
Due date:
% Done: 0%
Feature Branch:
Type of work: Sysadmin
Blueprint:
Starter:
Affected tool:
Deliverable for:

Description

We already have HSTS on our website, but HPKP seems to be the next generation public-key authentication for websites and we have been recommended to deploy it.

https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning

This would serve as a mitigation technique against MitM on our website (HPKP is at least TOFU, until we get in the preload list, see Feature #9027).

dkg recommends making two backup end-entity keys on an offline machine, and pinning to your active key + these two others.


Related issues

Related to Tails - Feature #9027: Add our website to Firefox' hardcoded Public Key Pinning ("static pins") Rejected 2015-03-06
Related to Tails - Feature #16675: Consider using the Expect-CT header for Certificate Transparency on our website Confirmed

History

#1 Updated by sajolida 2015-03-06 19:36:29

  • Description updated

#2 Updated by sajolida 2015-03-06 19:36:44

  • blocks Feature #9027: Add our website to Firefox' hardcoded Public Key Pinning ("static pins") added

#3 Updated by sajolida 2015-03-06 19:38:11

  • Description updated

#4 Updated by intrigeri 2015-03-06 19:51:54

  • blocked by deleted (Feature #9027: Add our website to Firefox' hardcoded Public Key Pinning ("static pins"))

#5 Updated by sajolida 2015-03-10 16:17:26

  • blocks Feature #9027: Add our website to Firefox' hardcoded Public Key Pinning ("static pins") added

#6 Updated by sajolida 2015-03-17 13:22:21

  • blocked by deleted (Feature #9027: Add our website to Firefox' hardcoded Public Key Pinning ("static pins"))

#7 Updated by intrigeri 2017-05-28 12:21:18

Our website now uses certificates issued by Let’s Encrypt. Most Let’s Encrypt clients generate a new key upon renewal, which is incompatible with pinning our public key with HPKP. The options we have are thus:

  1. pin the root CA instead of our own leaf key, as GitHub does
    • pros: relatively easy to implement, not too easy to get it wrong
    • cons: does not protect against compromise of the Let’s Encrypt CA (and any additional root CA we’re likely to switch to if we ever have issues with Let’s Encrypt, that we should include in the pinning)
  2. tweak the Let’s Encrypt renewal process to reuse the same key, and pin it
    • pros: protects against compromise of the Let’s Encrypt CA
    • cons: renewing the key is tricky, see https://scotthelme.co.uk/setting-up-le/ for hints; it’s very easy to get it wrong and lock people out of our website for a long time

My current thinking is that the 2nd option is risky and requires too much work, but the first option seems doable: it could be a good candidate when we create our 2018-2019 sysadmin roadmap.

In any case, additional offline backup keys are a must.
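
The pin set recommended in the description (active key plus two offline backup keys) and the renewal lock-out risk from this comment, as an added example that is not part of the ticket or of the Tails infrastructure code. The SPKI blobs are constructed stand-ins, the function names are hypothetical, and the `max-age` value is illustrative; the two checks follow the RFC 7469 rule that a browser only notes pins when one pin matches the served chain and at least one backup pin does not.

```python
import base64
import hashlib
import re

# Constructed stand-ins for DER SubjectPublicKeyInfo blobs (Ed25519 SPKI
# prefix + 32 filler bytes). They are not real keys; only their hashes matter.
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
ACTIVE_SPKI = ED25519_SPKI_PREFIX + bytes([0x11]) * 32
BACKUP1_SPKI = ED25519_SPKI_PREFIX + bytes([0x22]) * 32  # kept offline
BACKUP2_SPKI = ED25519_SPKI_PREFIX + bytes([0x33]) * 32  # kept offline
FRESH_SPKI = ED25519_SPKI_PREFIX + bytes([0x44]) * 32    # new key made at renewal


def spki_pin(spki_der: bytes) -> str:
    """RFC 7469 pin: base64 of the SHA-256 digest of the DER-encoded SPKI."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


def build_hpkp_header(spkis, max_age: int) -> str:
    """Build the Public-Key-Pins header value for a list of SPKI blobs."""
    pins = "; ".join(f'pin-sha256="{spki_pin(s)}"' for s in spkis)
    return f"{pins}; max-age={max_age}"


def parse_pins(header_value: str) -> set:
    """Extract the set of pin-sha256 values from a header value."""
    return set(re.findall(r'pin-sha256="([A-Za-z0-9+/=]+)"', header_value))


def check_deployment(header_value: str, served_chain_spkis) -> list:
    """Return the problems a pin set has against the chain about to be served."""
    pins = parse_pins(header_value)
    chain = {spki_pin(s) for s in served_chain_spkis}
    problems = []
    if not pins & chain:
        problems.append("no pin matches the served chain: pinned visitors are locked out")
    if not pins - chain:
        problems.append("no backup pin outside the served chain")
    return problems


if __name__ == "__main__":
    header = build_hpkp_header([ACTIVE_SPKI, BACKUP1_SPKI, BACKUP2_SPKI], 5184000)
    print("Public-Key-Pins:", header)
    print("current key:", check_deployment(header, [ACTIVE_SPKI]))
    print("renewed with fresh key:", check_deployment(header, [FRESH_SPKI]))
    print("rotated to backup:", check_deployment(header, [BACKUP1_SPKI]))
```

Running such a check against the key a renewal is about to install, before the certificate goes live, catches the case where the ACME client generated a key that is not in the advertised pin set.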

#8 Updated by sajolida 2017-11-03 13:05:54

  • related to Feature #9027: Add our website to Firefox' hardcoded Public Key Pinning ("static pins") added

#10 Updated by Anonymous 2018-01-19 15:30:21

sajolida wrote:
> Chrome is discussing the removal of HPKP from Chrome in 2018:

In Chrome 67, which is estimated to be released to Stable on 29 May 2018, precisely.

#11 Updated by sajolida 2018-06-04 12:53:53

  • Assignee set to sajolida
  • Target version set to Tails_3.8

We’re now in June 2018 so I’ll check what happened to this in Chrome.

#12 Updated by sajolida 2018-06-25 16:17:30

  • Target version changed from Tails_3.8 to Tails_3.9

#13 Updated by sajolida 2018-08-02 11:18:44

  • Target version changed from Tails_3.9 to Tails_3.10.1

Done.

The release notes for Chrome are actually hard to find. I found this:

https://support.google.com/chrome/a/answer/7679408

with no sign of removal of HPKP in Chrome 68.

I’ll check again in a couple of months.

#14 Updated by sajolida 2018-10-21 20:37:34

  • Target version changed from Tails_3.10.1 to Tails_3.11

#15 Updated by jvoisin 2018-10-22 09:44:26

HPKP will likely be removed in Chrome 69, and the ticket tracking the removal is here.

#16 Updated by sajolida 2018-12-10 15:46:25

  • Target version changed from Tails_3.11 to Tails_3.12

#17 Updated by sajolida 2019-01-28 18:45:32

  • Target version changed from Tails_3.12 to Tails_3.13

#18 Updated by sajolida 2019-03-18 11:30:53

  • Target version changed from Tails_3.13 to Tails_3.14

#19 Updated by intrigeri 2019-04-12 07:19:22

My understanding is that in the end, HPKP support was removed in Chrome 72. HPKP is currently only supported by Firefox and Opera. All the websites I knew that used HPKP in the past have stopped. I think implementing HPKP is not worth the effort anymore and I propose we reject this ticket.

Then we might want to investigate alternate TLS key/certificate hardening options:

  • Google now recommends using the Expect-CT header for Certificate Transparency instead. This header allows requiring the browser to refuse connections if the certificate is not in the Certificate Transparency logs. This is currently only supported by Chrome and Opera. It might be worth considering on a separate ticket.
  • DNS CAA (Feature #15637)

#20 Updated by sajolida 2019-04-27 14:17:44

  • related to Feature #16675: Consider using the Expect-CT header for Certificate Transparency on our website added

#21 Updated by sajolida 2019-04-27 14:18:31

  • Status changed from Confirmed to Rejected
  • Assignee deleted (sajolida)
  • Target version deleted (Tails_3.14)