Discuss key rotation.

Mostly stealing text from @ddworken. This also adds a note about the possibility to pin multiple keys, which closes #8.
WICG · Oct 9, 2024 · a7fae91 · a7fae91
1 parent 4c63087
commit a7fae91
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 2 deletions.
diff --git a/index.bs b/index.bs
@@ -361,6 +361,28 @@ more than we need today, and substantially more work. Perhaps something small
 is good enough?
 
 
+Key Rotation {#deployment-key-rotation}
+---------------------------------------
+
+Since this design relies on websites pinning a specific public key in the
+`integrity` attribute, this design does not easily support key rotation. If a
+signing key is compromised, there is no easy way to rotate the key and ensure
+that reliant websites check signatures against an updated public key.
+
+For now, we think this is probably enough. If the key is compromised, the
+security model falls back to the status quo web security model, meaning that
+the impact of a compromised key is limited. In the future if this does turn
+out to be a significant issue, we could also explore alternate designs that
+do support key rotation. One simple proposal could be adding support for the
+client to signal the requested public key in request headers, allowing
+different parties to specify different public keys. A more complex proposal
+could support automated key rotation.
+
+Note: This proposal does support pinning multiple keys for a single
+resource, so it will be possible to support rotation in a coordinated way
+without requiring each entity to move in lockstep.
+
+
 Security Considerations {#security}
 ===================================
 

diff --git a/index.html b/index.html
@@ -7,7 +7,7 @@
   <link href="https://www.w3.org/StyleSheets/TR/2021/W3C-UD" rel="stylesheet">
   <meta content="Bikeshed version 82ce88815, updated Thu Sep 7 16:33:55 2023 -0700" name="generator">
   <link href="https://mikewest.github.io/signature-based-sri/" rel="canonical">
-  <meta content="7a76a3c201613ef4c332351aad3c0a2c09578a64" name="document-revision">
+  <meta content="4c630876384fd7e40b18ad0f44053040dcb5ffec" name="document-revision">
 <style>/* Boilerplate: style-autolinks */
 .css.css, .property.property, .descriptor.descriptor {
     color: var(--a-normal-text);
@@ -670,7 +670,7 @@
   <div class="head">
    <p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2021/logos/W3C" width="72"> </a> </p>
    <h1 class="p-name no-ref" id="title">Signature-based Integrity</h1>
-   <p id="w3c-state"><a href="https://www.w3.org/standards/types#UD">Unofficial Proposal Draft</a>, <time class="dt-updated" datetime="2024-10-08">8 October 2024</time></p>
+   <p id="w3c-state"><a href="https://www.w3.org/standards/types#UD">Unofficial Proposal Draft</a>, <time class="dt-updated" datetime="2024-10-09">9 October 2024</time></p>
    <details open>
     <summary>More details about this document</summary>
     <div data-fill-with="spec-metadata">
@@ -732,6 +732,7 @@ <h2 class="no-num no-toc no-ref" id="contents">Table of Contents</h2>
      <a href="#deployment"><span class="secno">3</span> <span class="content">Deployment Considerations</span></a>
      <ol class="toc">
       <li><a href="#deployment-key-management"><span class="secno">3.1</span> <span class="content">Key Management</span></a>
+      <li><a href="#deployment-key-rotation"><span class="secno">3.2</span> <span class="content">Key Rotation</span></a>
      </ol>
     <li>
      <a href="#security"><span class="secno">4</span> <span class="content">Security Considerations</span></a>
@@ -1103,6 +1104,21 @@ <h3 class="heading settled" data-level="3.1" id="deployment-key-management"><spa
 aspects of the web PKI to chain trust, allow delegation, etc. That seems like
 more than we need today, and substantially more work. Perhaps something small
 is good enough?</p>
+   <h3 class="heading settled" data-level="3.2" id="deployment-key-rotation"><span class="secno">3.2. </span><span class="content">Key Rotation</span><a class="self-link" href="#deployment-key-rotation"></a></h3>
+   <p>Since this design relies on websites pinning a specific public key in the <code>integrity</code> attribute, this design does not easily support key rotation. If a
+signing key is compromised, there is no easy way to rotate the key and ensure
+that reliant websites check signatures against an updated public key.</p>
+   <p>For now, we think this is probably enough. If the key is compromised, the
+security model falls back to the status quo web security model, meaning that
+the impact of a compromised key is limited. In the future if this does turn
+out to be a significant issue, we could also explore alternate designs that
+do support key rotation. One simple proposal could be adding support for the
+client to signal the requested public key in request headers, allowing
+different parties to specify different public keys. A more complex proposal
+could support automated key rotation.</p>
+   <p class="note" role="note"><span class="marker">Note:</span> This proposal does support pinning multiple keys for a single
+resource, so it will be possible to support rotation in a coordinated way
+without requiring each entity to move in lockstep.</p>
    <h2 class="heading settled" data-level="4" id="security"><span class="secno">4. </span><span class="content">Security Considerations</span><a class="self-link" href="#security"></a></h2>
    <h3 class="heading settled" data-level="4.1" id="security-secure-context"><span class="secno">4.1. </span><span class="content">Secure Contexts</span><a class="self-link" href="#security-secure-context"></a></h3>
    <p>SRI does not require a secure context, nor does it apply only to resources