Closed jcjones closed 7 years ago
I've reviewed all of your comments, and thought through privacy considerations some more, taking more ideas from RFC7469. One I didn't resolve was about the super-cookie consideration: I'm not (yet) able to convince myself of how that would work, so I'm not sure how to write it up.
The HPKP super-cookie is dependent upon two things:

1) The ease of setting pins that aren't checked at "note time"
2) {less important} Cascading set pins to subdomains

Expect-CT doesn't have an equivalent to setting unchecked pins, nor does it have includeSubDomains. So it seems to me that to produce a super-cookie scenario one would need to:

1) Set up X tracking websites, each in a good Expect-CT state and emitting Expect-CT headers.
2) Compel clients to Note a unique subset of those X tracking websites, Y, where Y ⊂ X.
3) Reconfigure a subset Z of those X tracking websites to violate CT policy, where Z ⊂ X.
4) Compel clients to connect to all of those X tracking websites and use the resulting failure list to derive the client's identity.

This seems to be much harder than providing unique report-uri values to each client and prompting a failure... but I'm probably missing something obvious!
I'll be happy to talk through the attack a bit more and take another try at it, maybe in a different PR.
Yeah, I was thinking about the unique-subset-of-noted-subdomains thing (e.g. http://www.leviathansecurity.com/blog/the-double-edged-sword-of-hsts-persistence-and-privacy/), which I thought was in both HPKP and HSTS RFCs, but I guess I was mistaken because I don't see it in either of them!
I still think it might be worth including but agree that it can be done in a different PR.
This PR lgtm, just have to figure out what's going on with the circleci check...
@bifurcation do you have any idea what's up with the circleci check?
@estark37 I don't see a CircleCI build for it (??) The main thing CircleCI checks is that the document builds, so if you can do that locally, it's probably safe to just merge.
@bifurcation I don't seem to be able to merge (either manually or in the github UI) without the CircleCI check passing.
I've committed an amend and forced an update; it looks like CircleCI passed this time. @estark37
These are all the considerations from my notes, as well as a few more that I've dreamed up.
The first commit also updates the README a bit.