On 02/14/2013 07:22 PM, Joseph Bonneau wrote:
>>> I thought he'd only believe pins on the href he's about
>>> to follow when those had just been delivered direct from
>>> one of a browser-chosen list of sources that are
>>> explicitly trusted (by the browser, not Brian) for this.
>>
>
> This is not correct. S-links can come from any site, not just pre-trusted
> sites, and the browser will honor them if the user clicks them.
Ah, I hadn't got that aspect at all. I probably need to think out
the consequences.
>> > But I guess it might be that if he searched for "front
>>> for the liberation of..." on Thursday and then on Friday
>>> typed in the JPF URL that could work if the browser has
>>> kept the info. ('course those paranoid JPF guys might
>>> change their key late on Thursday which'd be bad) so
>>> maybe not.
>>
>
> The assumption is that the correct JPF website delivers persistent key
> pins, so Brian can go direct to their site Friday after a secure
> introduction on Thursday. If he goes via s-link on Thursday and doesn't get
> any persistent key pins, the s-link won't affect his direct visit on
> Friday, but this is by design. If the site isn't declaring key pins, it
> means they're reserving the right to change their mind Thursday night. If
> they are setting their own pins, they shouldn't change Thursday night or
> else they'll be bricking some users, independently of s-links .
I don't get that sorry.
Brian searches for "front for the ..." at noon Thu. and gets
a href for JPF with PIN1 valid until Saturday.
JPF rekey late Thursday. Let's say it was an emergency.
Brian visits JPF Friday morning and PIN1 no longer matches
the JPF TLS server cert.
What happens then?
Ta,
S.
_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey
