It allows a server to specify the only set of certificates that a browser should accept. Meaning that MITM'ing is impossible, without a valid cert in the chain of one of the advertised trusted certificates from the server.
Chrome, Firefox, Opera, Chrome for Android, and the Android stock browser all support it.
I'm not sure how they intend to circumvent this problem, apart from perhaps just instructing users to not use those browsers? That's quite difficult to put into practice.
HPKP is great, but it doesn't address this problem.
At the very least, this clarifies intentions and helps somewhat with situations like the Dell certificate where it's not intended for MitM.
After that, IE and Firefox will follow and crypto will no longer be so trivially subverted by enterprise organizations.
If they block custom certificates, then malware will patch the process to disable the checks.
And in this case the Kazakh government could say "For your safety, the Chrome doesn't work with our Internet. Please use our Khrome instead".
I disagree with you.
It would also be a good way for them to start pushing a "two party consent" model for private wiretapping -- It's illegal for my employer to record my office phone because it's a violation of the other party's rights. Facebook has as much a stake in not letting employers monitor employee's social media use as the employees do.
Part of me hopes you are wrong, because I think encryption and security don't need to be opposing forces and MITM isn't required for strong security (though maybe for good GRC and audit).
Which is a blatant security risk, which should be fixed immediately.
> wouldn't be deployable inside large companies that have regulatory requirements to monitor traffic from their own desktops
I guess they don't use ssh?
This claim is complete nonsense, because you are conflating the installing of a certificate with a capability to override HPKP. All those businesses need is a way to add an exception to HPKP. This is no more difficult that any other IT-managed configuration.
The bug here is the assumption that installing a certificate always means HPKP should be overridden. This assumption is patently not universally true, as this Kazakhstan situation demonstrates.
> no benefit
Why is it that so many people seem to forget about the concept of Defense In Depth when one of the layers of protection is attacked?
A physical-key analogy: there is a decent chance the lock on your home's front door can be opened trivially with a bump key, which is an attack against the entire class of traditional pin-and-tumbler locks. The many homes that have such a lock can be entered in seconds. Does this mean that they shouldn't bother locking their front door? No - while it might be a good idea to invest in a better lock, forcing someone to bump the lock has benefits. Someone trying to enter your house might not have the right tool. If they do carry a bump key, that could have legal consequences ("burglar's tools").
Layered defenses help to reduce attack surface and raise the attack cost.
> less transparent
I fail to see how forcing an attacker to patch binaries or otherwise work around HPKP. Doing so will leave clear evidence that the system has been tampered with. On the other hand, a proper certificate has a small amount of plausible deniability.
> it doesn't address this problem
It doesn't solve the problem, but it should be a speed-bump that makes the attack harder, raising the cost of MitM.
If you want to be outraged about it, that's fine. I know other smart people who are also outraged about it.
Remember, though: we largely have Google and Chromium to thank for pioneering certificate pinning in the first place.
Even if pins overrode locally installed certificates, all they would have to do is to block all outgoing raw HTTPS traffic. All these browser-side security mechanisms can do is to refuse to initiate insecure connections (and inform the vendors about broken pins). They can't force a network that is actively designed to forbid private connections to allow them.
You can read more about how Google does certificate pinning here: https://www.imperialviolet.org/2011/05/04/pinning.html