[Ach] bettercrypto.org cert blocked in chrome 56

[Terje Elde]

> On 30 Nov 2016, at 00:33, Alexander Wuerstlein <arw at cs.fau.de> wrote:
> 
> Whereas HPKP has the nice new attack surface of "now I've -unbeknownst
> to you- got access and secretly fed your users my key. Now I've deleted
> it form the box. Pay me or kill your domain". 

Interestingly, that attack-vector is there even if you don’t configure HPKP yourself, if you’re compromised to that degree.  The argument can also be flipped as a pro-HPKP argument as well;

One could easily argue that using HPKP reduces the risk that someone with a rouge certificate for your site successfully serves up a HPKP pin of their own.

Keep in mind that having a rouge certificate out there doesn’t mean a CA has to be compromised for example.  It could be something as simple as a previous domain owner having bought a 10 year SSL-certificate for the site you now own, or having previously used a shared SSL-infrastructure that later become compromised.  Or a disgruntled employee that took off with the keys, a partnership that went bad and there’s a disagreement about owership of the domain, and so on and so forth.  Or a MitM-proxy, fooling users with a fake or company-enforced root CA.  For all those cases, using HPKP could both help you retain control of the domain and it’s traffic, and also help you avoid your adversary pinning his/her keys instead of yours.


Don’t get me wrong, it’s an interesting point, and quite valid in a general discussion about HPKP.  I’m just not sure if it’s a very good argument against using HPKP in the context of a practical/applied guide.

Terje