Google Deprecates Support for HTTP Public Key Pinning (HPKP)
Once championed by Google, HPKP will soon be gone completely.
HTTP Public Key Pinning (HPKP) is a security standard that forces browsers to only accept certain “pinned” public keys when visiting a host for a given period of time. Google first introduced the feature back in 2015. But while it was well-intentioned, HPKP never really took off like anticipated.
On Friday, Chris Palmer wrote on Google’s Chromium blog that HPKP is dead.
Google will deprecate support for it next Spring, likely for the release of Chrome 67 in May. Chrome (and Opera) were the only major browsers that even fully support HPKP. Firefox never finished rolling out support and both Apple and Microsoft never even tried with their browsers.
A Palmer writes: “There is no compatibility risk; no website will stop working as a result of the removal of static or dynamic PKP.”
What went wrong with HPKP?
There was already quite a bit of chatter about why HPKP wasn’t worth setting up from industry luminaries like Scott Helme. In fact, our own Vincent Lynch even wrote an article about why HPKP is not an ideal choice.
Essentially it comes down to this. HPKP is kind of a clunky way to accomplish several things that are already being done better by other mechanisms and protocols. Here’s how Palmer explains it:
PKP offers a way to defend against certificate misissuance, by providing a Web-exposed mechanism (HPKP) for sites to limit the set of certificate authorities (CAs) that can issue for their domain. However, this exposes as part of the Open Web Platform considerations that are external to it: specifically, the choice and selection of CAs is a product-level security decision made by browsers or by OS vendors, and the choice and use of sub-CAs, cross-signing, and other aspects of the PKI hierarchy are made independently by CAs.
As a consequence, site operators face difficulties selecting a reliable set of keys to pin to, and adoption of PKP has remained low. When site operators’ expectations don’t match the reality of trust anchors on real world client machines, users suffer. Unexpected or spurious pinning errors can result in error fatigue rather than user safety.
It is hard to build a pin-set that is guaranteed to work, due to the variance in both user-agent trust stores and CA operations.
There is a risk of rendering a site unusable.
There is a risk of hostile pinning, should an attacker obtain a misissued certificate. While there are no confirmed or rumored cases of this having happened, the risk is present even for sites that don’t use PKP.
Pay specific attention to the three risks that Palmer brings up. It’s difficult to build the correct pin set. Lots of people, not understanding what they were actually doing, have made their sites unusable by actually building the wrong pin sets. And finally, there’s an attack vector that, while as of yet not exploited, could have disastrous ramifications.
Basically, it comes down to this, somebody with the requisite knowledge and background could make expert use of HPKP and it would work exactly as it was intended. Unfortunately, if you don’t know what you’re doing it’s possible to do more harm than good. And there are far more people on the web that fall into that second category than the first.
Then there’s the fact that HPKP could be exploited to do substantial harm if someone could obtain a mis-issued certificate. Generally, it’s not a good sign when a mechanism that’s designed to “defend against certificate mis-issuance” can actually be used to make certificate mis-issuance worse. Which it can hypothetically do in the form of “hostile pinning.”
In that scenario, hostile pinning could leave a website unusable. And HPKP was not designed with a recovery mechanism, which is, as SSL Labs’ Ivan Ristic states it, “problematic.”
Yes, I would say being “pinned” out of your own website would qualify as problematic.
As per what site operators should do in lieu of HPKP, Palmer writes:
“To defend against certificate misissuance, web developers should use the Expect-CT header, including its reporting function. Expect-CT is safer than HPKP due to the flexibility it gives site operators to recover from any configuration errors, and due to the built-in support offered by a number of CAs.”
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown