Geekspeak I don't understand

[Peter Fairbrother]

On 12/05/15 21:02, Roland Perry wrote:
> Can anyone tell me what this really means, and what might have gone
> wrong, or what's amiss in 'my setup'?
>
> "An error occurred during a connection to www.facebook.com. The server
> uses key pinning (HPKP) but no trusted certificate chain could be
> constructed that matches the pinset.





There are two main forms of key pinning. In the first the browser does 
all the work, eg Chrome pins all the www.google.com sites to Google CAs, 
in later Windows installations IE pins www.microsoft-update.com sites to 
a Microsoft CA.

It's all a bit incestuous, but it probably works fairly well, and a 
fatal error block is justified here when pinning fails.

Firefox started doing this last September, and afaik there haven't been 
any significant problems.





Another form involves the first visit to a HTTPS site which claims to 
use cert pinning. The first visit is supposed to be especially trusted, 
though I can't imagine why.

Thereafter the browser is supposed to trust only the certificate 
authority (or reportedly, ouch, the certificate) mentioned in the first 
visit. This may or may not apply to all subdomains as well as the main 
domain.

I think this latter form may be what has bitten you, though afaik 
Facebook doesn't use hpkp. Maybe some thing else on the page, from 
another source, does?

Firefox started doing this second type of pinning very recently.



> Key pinning violations cannot be
> overridden. (Error code: mozilla_pkix_error_key_pinning_failure)
>
>      The page you are trying to view cannot be shown because the
>      authenticity of the received data could not be verified.
>
>      Please contact the website owners to inform them of this problem."




The RFC says you must refuse a connection if pinning fails, but this is 
just plain stupid. I am a great fan of blocking connections when it is 
100% correct to do so, as many will know - but here someone can MITM a 
page, give out a false cert for the first visit, and cause you a 
permanent DOS.

There are other holes too, eg you can block access to a site which has 
been legitimately set up by MITM-ing a wrong cert. Firewalls and proxies 
can cause trouble too. What happens if you want to delete a CA in the 
browser list of CAs, and a pinning relies on it? What happens when a 
site wants to change CA?


Privacy? I don't want someone who inspects my computer to know I have 
visited kinkyporn.com. I don't want that kept in a list of pinnings.

The second form of key pinning is pretty rubbish, security-wise. They 
haven't done anything like a proper security cost-benefit analysis.

A warning, yes that is appropriate. A report, even more so. Block it?

No.

You haven't the authority of correctness to do that. It would be like 
hanging someone when you not only didn't know for sure he did the crime, 
but were not even sure that a crime had been committed.

You are sacrificing availability for supposed integrity and/or 
confidentiality; but availability is often, usually, and in general, 
more important than confidentiality or integrity.

Another disadvantage of blocking is that you can't get a secure 
connection through hostile partial MITMing.



As the whole point of HPKP is to prevent MITM cryptographic attacks, we 
must assume the ability to MITM traffic is available in any case which 
HPKP might actually be useful.


Until April nss did not actually block sites in Linux for 
Firefox/Chrome, but they changed it then. I don't know about Windows, OSX.





Ben Laurie was/is doing some stuff along these lines, and would know 
more. Ben? You there?



-- Peter Fairbrother