PROPOSED STANDARD

Errata Exist

Internet Engineering Task Force (IETF) C. Evans Request for Comments: 7469 C. Palmer Category: Standards Track R. Sleevi ISSN: 2070-1721 Google, Inc. April 2015 Public Key Pinning Extension for HTTP Abstract This document defines a new HTTP header that allows web host operators to instruct user agents to remember ("pin") the hosts' cryptographic identities over a period of time. During that time, user agents (UAs) will require that the host presents a certificate chain including at least one Subject Public Key Info structure whose fingerprint matches one of the pinned fingerprints for that host. By effectively reducing the number of trusted authorities who can authenticate the domain during the lifetime of the pin, pinning may reduce the incidence of man-in-the-middle attacks due to compromised Certification Authorities. Status of This Memo This is an Internet Standards Track document. This document is a product of the Internet Engineering Task Force (IETF). It represents the consensus of the IETF community. It has received public review and has been approved for publication by the Internet Engineering Steering Group (IESG). Further information on Internet Standards is available in Section 2 of RFC 5741. Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at http://www.rfc-editor.org/info/rfc7469. Evans, et al. Standards Track [Page 1]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Evans, et al. Standards Track [Page 2]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 1 . Introduction RFC5246] connections. Deploying Public Key Pinning (PKP) safely will require operational and organizational maturity due to the risk that hosts may make themselves unavailable by pinning to a set of SPKIs that becomes invalid (see Section 4). With care, host operators can greatly reduce the risk of man-in-the-middle (MITM) attacks and other false- authentication problems for their users without incurring undue risk. PKP is meant to be used together with HTTP Strict Transport Security (HSTS) [RFC6797], but it is possible to pin keys without requiring HSTS. A Pin is a relationship between a hostname and a cryptographic identity (in this document, one or more of the public keys in a chain of X.509 certificates). Pin Validation is the process a UA performs to ensure that a host is in fact authenticated with its previously established Pin. Key pinning is a trust-on-first-use (TOFU) mechanism. The first time a UA connects to a host, it lacks the information necessary to perform Pin Validation; UAs can only apply their normal cryptographic identity validation. (In this document, it is assumed that UAs apply X.509 certificate chain validation in accord with [RFC5280].) The UA will not be able to detect and thwart a MITM attacking the UA's first connection to the host. (However, the requirement that the MITM provide an X.509 certificate chain that can pass the UA's validation requirements, without error, mitigates this risk somewhat.) Worse, such a MITM can inject its own PKP header into the HTTP stream, and pin the UA to its own keys. To avoid post facto detection, the attacker would have to be in a position to intercept all future requests to the host from that UA. Thus, key pinning as described in this document is not a perfect defense against MITM attackers capable of passing certificate chain validation procedures -- nothing short of pre-shared keys can be. However, it provides significant value by allowing host operators to limit the number of certification authorities that can vouch for the host's identity, and allows UAs to detect in-process MITM attacks after the initial communication. Evans, et al. Standards Track [Page 4]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 2.1.1 . The Pin Directive RFC6234]; additional algorithms may be allowed for use in this context in the future. The quoted-string is a sequence of base 64 digits: the base64-encoded SPKI Fingerprint [RFC4648] (see Section 2.4). According to the processing rules of Section 2.1, the UA MUST ignore pin-directives with tokens naming hash algorithms it does not recognize. If the set of remaining effective pin-directives is empty, and if the host is a Known Pinned Host, the UA MUST cease to consider the host as a Known Pinned Host (the UA should fail open). The UA should indicate to users that the host is no longer a Known Pinned Host. Evans, et al. Standards Track [Page 6]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 2.1.5 . Examples Evans, et al. Standards Track [Page 8]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 2.2 . Server Processing Model 2.2.1 . HTTP-over-Secure-Transport Request Type Section 2.1. Establishing a given host as a Known Pinned Host, in the context of a given UA, is accomplished as follows: 1. Over the HTTP protocol running over secure transport, by correctly returning (per this specification) at least one valid PKP header field to the UA. 2. Through other mechanisms, such as a client-side preloaded Known Pinned Host List. 2.2.2 . HTTP Request Type Evans, et al. Standards Track [Page 9]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 2.3 . User Agent Processing Model Section 10 of [RFC6797]. 2.3.1 . Public-Key-Pins Response Header Field Processing Section 2.1, and there are no underlying secure transport errors or warnings (see Section 2.5), the UA MUST either: o Note the host as a Known Pinned Host if it is not already so noted (see Section 2.3.3), or, o Update the UA's cached information for the Known Pinned Host if any of the max-age, includeSubDomains, or report-uri header field value directives convey information different from that already maintained by the UA. The max-age value is essentially a "time to live" value relative to the time of the most recent observation of the PKP header field. If the max-age header field value token has a value of 0, the UA MUST remove its cached Pinning Policy information (including the includeSubDomains directive, if asserted) if the Pinned Host is Known, or, MUST NOT note this Pinned Host if it is not yet Known. If a UA receives more than one PKP header field or more than one PKP- RO header field in an HTTP response message over secure transport, then the UA MUST process only the first PKP header field (if present) and only the first PKP-RO header field (if present). If the UA receives the HTTP response over insecure transport, or if the PKP header is not a Valid Pinning Header (see Section 2.5), the UA MUST ignore any present PKP header field(s). Similarly, if the UA receives the HTTP response over insecure transport, the UA MUST ignore any present PKP-RO header field(s). The UA MUST ignore any PKP or PKP-RO header fields not conforming to the grammar specified in Section 2.1. Evans, et al. Standards Track [Page 10]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 2.3.2 . Interaction of Public-Key-Pins and Public-Key-Pins-Report-Only Section 2.3.1. When the PKP-RO header is used with a report-uri, the UA SHOULD POST reports for Pin Validation failures to the indicated report-uri, although the UA MUST NOT enforce Pin Validation. That is, in the event of Pin Validation failure when the host has set the PKP-RO header, the UA performs Pin Validation to check whether or not it should POST a report, but not whether it should cause a connection failure. Note: There is no purpose to using the PKP-RO header without the report-uri directive. User Agents MAY discard such headers without interpreting them further. When the PKP header is used with a report-uri, the UA SHOULD POST reports for Pin Validation failures to the indicated report-uri, as well as enforce Pin Validation. If a host sets the PKP-RO header, the UA SHOULD note the Pins and directives given in the PKP-RO header, ignoring any max-age directive. If the UA does note the Pins and directives in the PKP-RO header, it SHOULD evaluate the specified policy and SHOULD report any would-be Pin Validation failures that would occur if the report-only policy were enforced. If a host sets both the PKP header and the PKP-RO header, the UA MUST note and enforce Pin Validation as specified by the PKP header, and SHOULD process the Pins and directives given in the PKP-RO header. If the UA does process the Pins and directives in the PKP-RO header, it SHOULD evaluate the specified policy and SHOULD report any would- be Pin Validation failures that would occur if the report-only policy were enforced. 2.3.3 . Noting a Pinned Host - Storage Model Evans, et al. Standards Track [Page 11]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 Section 3.2.2 of [RFC3986], then the UA MUST NOT note this host as a Known Pinned Host. Otherwise, if the substring does not congruently match an existing Known Pinned Host's domain name, per the matching procedure specified in Section 8.2 of [RFC6797], then the UA MUST add this host to the Known Pinned Host cache. The UA caches: o the Pinned Host's domain name, o the Effective Expiration Date, or enough information to calculate it (the Effective Pin Date and the value of the max-age directive), o whether or not the includeSubDomains directive is asserted, and o the value of the report-uri directive, if present. If any other metadata from optional or future PKP header directives are present in the Valid Pinning Header, and the UA understands them, the UA MAY note them as well. UAs MAY set an upper limit on the value of max-age, so that UAs that have noted erroneous Pins (whether by accident or due to attack) have some chance of recovering over time. If the server sets a max-age greater than the UA's upper limit, the UA MAY behave as if the server set the max-age to the UA's upper limit. For example, if the UA caps max-age at 5,184,000 seconds (60 days), and a Pinned Host sets a max- age directive of 90 days in its Valid Pinning Header, the UA MAY behave as if the max-age were effectively 60 days. (One way to achieve this behavior is for the UA to simply store a value of 60 days instead of the 90-day value provided by the Pinned Host.) For UA implementation guidance on how to select a maximum max-age, see Section 4.1. The UA MUST NOT modify any pinning metadata of any superdomain matched Known Pinned Host. Evans, et al. Standards Track [Page 12]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 2.3.4 . HTTP-Equiv Element Attribute W3C.REC-html401-19991224] in received content. 2.4 . Semantics of Pins RFC4648]. In this version of the specification, the known cryptographic hash algorithm is SHA-256, identified as "sha256" [RFC6234]. (Future specifications may add new algorithms and deprecate old ones.) UAs MUST ignore Pins for which they do not recognize the algorithm identifier. UAs MUST continue to process the rest of a PKP response header field and note Pins for algorithms they do recognize. Figure 5 reproduces the definition of the SubjectPublicKeyInfo structure in [RFC5280]. SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING } AlgorithmIdentifier ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY DEFINED BY algorithm OPTIONAL } Figure 5: SPKI Definition If the certificate's Subject Public Key Info is incomplete when taken in isolation, such as when holding a DSA key without domain parameters, a public key pin cannot be formed. We pin public keys, rather than entire certificates, to enable operators to generate new certificates containing old public keys (see [why-pin-key]). Evans, et al. Standards Track [Page 13]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 Appendix A for an example non-normative program that generates SPKI Fingerprints from certificates. 2.5 . Noting Pins Section 2.6. o The TLS connection was authenticated with a certificate chain containing at least one of the SPKI structures indicated by at least one of the given SPKI Fingerprints (see Section 2.6). o The given set of Pins contains at least one Pin that does NOT refer to an SPKI in the certificate chain. (That is, the host must set a Backup Pin; see Section 4.3.) If the PKP response header field does not meet all three of these criteria, the UA MUST NOT note the host as a Pinned Host. A PKP response header field that meets all these criteria is known as a Valid Pinning Header. Whenever a UA receives a Valid Pinning Header, it MUST set its Pinning Metadata to the exact Pins, Effective Expiration Date (computed from max-age), and (if any) report-uri given in the most recently received Valid Pinning Header. For forward compatibility, the UA MUST ignore any unrecognized PKP and PKP-RO header directives, while still processing those directives it does recognize. Section 2.1 specifies the directives max-age, Pins, includeSubDomains, and report-uri, but future specifications and implementations might use additional directives. Upon receipt of a PKP-RO response header field, the UA SHOULD evaluate the policy expressed in the field, and SHOULD generate and send a report (see Section 3). However, failure to validate the Pins in the field MUST have no effect on the validity or non-validity of the policy expressed in the PKP field or in previously noted Pins for the Known Pinned Host. Evans, et al. Standards Track [Page 14]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 2.6 . Validating Pinned Connections RFC6797].) If the connection has no errors, then the UA will determine whether to apply a new, additional correctness check: Pin Validation. A UA SHOULD perform Pin Validation whenever connecting to a Known Pinned Host, as soon as possible (e.g., immediately after receiving the Server Certificate message). It is acceptable to allow Pin Validation to be disabled for some Hosts according to local policy. For example, a UA may disable Pin Validation for Pinned Hosts whose validated certificate chain terminates at a user-defined trust anchor, rather than a trust anchor built-in to the UA (or underlying platform). To perform Pin Validation, the UA will compute the SPKI Fingerprints for each certificate in the Pinned Host's validated certificate chain, using each supported hash algorithm for each certificate. (As described in Section 2.4, certificates whose SPKI cannot be taken in isolation cannot be pinned.) The UA MUST ignore superfluous certificates in the chain that do not form part of the validating chain. The UA will then check that the set of these SPKI Fingerprints intersects the set of SPKI Fingerprints in that Pinned Host's Pinning Metadata. If there is set intersection, the UA continues with the connection as normal. Otherwise, the UA MUST treat this Pin Validation failure as a non-recoverable error. Any procedure that matches the results of this Pin Validation procedure is considered equivalent. A UA that has previously noted a host as a Known Pinned Host MUST perform Pin Validation when setting up the TLS session, before beginning an HTTP conversation over the TLS channel. UAs send validation failure reports only when Pin Validation is actually in effect. Pin Validation might not be in effect, e.g., because the user has elected to disable it, or because a presented certificate chain chains up to a user-defined trust anchor. In such cases, UAs SHOULD NOT send reports. Evans, et al. Standards Track [Page 15]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 2.7 . Interactions with Preloaded Pin Lists 2.8 . Pinning Self-Signed End Entities 3 . Reporting Pin Validation Failure RFC7159] message to the URI; the JSON message takes this form: { "date-time": date-time, "hostname": hostname, "port": port, "effective-expiration-date": expiration-date, "include-subdomains": include-subdomains, "noted-hostname": noted-hostname, "served-certificate-chain": [ pem1, ... pemN ], "validated-certificate-chain": [ pem1, ... pemN ], "known-pins": [ known-pin1, ... known-pinN ] } Figure 6: JSON Report Format Whitespace outside of quoted strings is not significant. The key/ value pairs may appear in any order, but each MUST appear only once. Evans, et al. Standards Track [Page 16]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 Section 5.6, "Internet Date/Time Format", of [RFC3339]. The hostname is the hostname to which the UA made the original request that failed Pin Validation. It is provided as a string. The port is the port to which the UA made the original request that failed Pin Validation. It is provided as an integer. The effective-expiration-date is the Effective Expiration Date for the noted Pins. It is provided as a string formatted according to Section 5.6, "Internet Date/Time Format", of [RFC3339]. include-subdomains indicates whether or not the UA has noted the includeSubDomains directive for the Known Pinned Host. It is provided as one of the JSON identifiers "true" or "false". noted-hostname indicates the hostname that the UA noted when it noted the Known Pinned Host. This field allows operators to understand why Pin Validation was performed for, e.g., foo.example.com when the noted Known Pinned Host was example.com with includeSubDomains set. The served-certificate-chain is the certificate chain, as served by the Known Pinned Host during TLS session setup. It is provided as an array of strings; each string pem1, ... pemN is the Privacy-Enhanced Mail (PEM) representation of each X.509 certificate as described in [RFC7468]. The validated-certificate-chain is the certificate chain, as constructed by the UA during certificate chain verification. (This may differ from the served-certificate-chain.) It is provided as an array of strings; each string pem1, ... pemN is the PEM representation of each X.509 certificate as described in [RFC7468]. UAs that build certificate chains in more than one way during the validation process SHOULD send the last chain built. In this way, they can avoid keeping too much state during the validation process. The known-pins are the Pins that the UA has noted for the Known Pinned Host. They are provided as an array of strings with the syntax: known-pin = token "=" quoted-string Figure 7: Known Pin Syntax Evans, et al. Standards Track [Page 17]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 Section 2.4, the token refers to the algorithm name, and the quoted-string refers to the base64 encoding of the SPKI Fingerprint. When formulating the JSON POST body, the UA MUST either use single- quoted JSON strings or use double-quoted JSON strings and backslash- escape the embedded double quotes in the quoted-string part of the known-pin. Figure 8 shows an example of a Pin Validation failure report. (PEM strings are shown on multiple lines for readability.) { "date-time": "2014-04-06T13:00:50Z", "hostname": "www.example.com", "port": 443, "effective-expiration-date": "2014-05-01T12:40:50Z" "include-subdomains": false, "served-certificate-chain": [ "-----BEGIN CERTIFICATE-----

MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT

... HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto

WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6

yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx

-----END CERTIFICATE-----", ... ], "validated-certificate-chain": [ "-----BEGIN CERTIFICATE-----

MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT

... HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto

WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6

yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx

-----END CERTIFICATE-----", ... ], "known-pins": [ 'pin-sha256="d6qzRu9zOECb90Uez27xWltNsj0e1Md7GkYYkVoZWmM="', "pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\"" ] } Figure 8: Pin Validation Failure Report Example Evans, et al. Standards Track [Page 18]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 4 . Security Considerations 4.1 . Maximum max-age Section 2.3.3, UAs MAY cap the max-age value at some upper limit. There is a security trade-off in that low maximum values provide a narrow window of protection for users who visit the Known Pinned Host only infrequently, while high maximum values might result in a UA's inability to successfully perform Pin Validation for a Known Pinned Host if the UA's noted Pins and the host's true Pins diverge. Such divergence could occur for several reasons, including: UA error; host operator error; network attack; or a Known Pinned Host that intentionally migrates all pinned keys, combined with a UA that has noted true Pins with a high max-age value and has not had a chance to observe the new true Pins for the host. (This last example underscores the importance for host operators to phase in new keys gradually and to set the max-age value in accordance with their planned key migration schedule.) Evans, et al. Standards Track [Page 19]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 4.2 . Using includeSubDomains Safely Evans, et al. Standards Track [Page 20]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 4.3 . Backup Pins Section 2.5). The down side of keeping a not-yet-deployed key pair is that, if an attacker gains control of the private key, she will be able to perform a MITM attack without being discovered. Operators must take care to avoid leaking the key such as keeping it offline. 4.4 . Interactions With Cookie Scoping RFC6265] set by a Known Pinned Host can be stolen by a network attacker who can forge web and DNS responses so as to cause a client to send the cookies to a phony subdomain of the host. To prevent this, hosts SHOULD set the "secure" attribute and precisely scope the "domain" attribute on all security-sensitive cookies, such as session cookies. These settings tell the browser that the cookie should only be sent back to the specific host(s) (and not, e.g., all subdomains of a given domain), and should only be sent over HTTPS (not HTTP). 4.5 . Hostile Pinning Section 4.1). Web host operators can reduce the opportunity for Evans, et al. Standards Track [Page 21]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 RFC6962]). 5 . Privacy Considerations RFC3546]) and subdomains to distinguish UAs. 1. example.com sets a Valid Pinning Header in its response to requests. The header asserts the includeSubDomains directive. Evans, et al. Standards Track [Page 22]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 https://0.fingerprint.example.com/ foo.png, and the server responds using a certificate chain that does not pass Pin Validation for the pin-set defined in the Valid Pinning Header in step (1). The HPKP-conforming UA will close the connection, never completing the request to 0.fingerprint.example.com. The host may thus note that this particular UA had noted the (good) Pins for that subdomain. 3. example.com can distinguish 2^N UAs by serving Valid Pinning Headers from an arbitrary number N distinct subdomains. For any given subdomain n.fingerprint.example.com, the host may deliver a Valid Pinning Header to one UA, but not deliver it to a different UA. The server may then change the configuration for n.fingerprint.example.com. If the UA fails to connect, it was in the set of UAs that were pinned, which can be distinguished from the UAs that were not pinned, as they will succeed in connecting. The host may repeat this for a sufficient number of subdomains necessary to distinguish individual UAs. o Conforming implementations (as well as implementations conforming to [RFC6797]) must store state about which domains have set policies, hence which domains the UA has contacted. Because these policies cause remotely detectable behaviors, it is advisable that UAs have a way for privacy-sensitive users to clear current Pins for Pinned Hosts and that UAs allow users to query the current state of Pinned Hosts. In addition, note that because pinning a host implies a degree of persistent state, an attacker with physical access to a device may be able to recover information about hosts a user has visited, even if the user has cleared other parts of the UA's state. o Pin reports, as noted in Section 3, contains information about the certificate chain that has failed pin validation. In some cases, such as organization-wide compromise of the end-to-end security of TLS, this may include information about the interception tools and design used by the organization that the organization would otherwise prefer not be disclosed. Evans, et al. Standards Track [Page 23]

RFC 7469 Public Key Pinning Extension for HTTP April 2015 TACK] is a fruitful source of alternative design considerations. Authors' Addresses Chris Evans Google, Inc. 1600 Amphitheatre Pkwy Mountain View, CA 94043 United States EMail: cevans@google.com Chris Palmer Google, Inc. 1600 Amphitheatre Pkwy Mountain View, CA 94043 United States EMail: palmer@google.com Ryan Sleevi Google, Inc. 1600 Amphitheatre Pkwy Mountain View, CA 94043 United States EMail: sleevi@google.com Evans, et al. Standards Track [Page 28]