Recipe quick takes: King Arthur Flour’s whole-wheat pumpkin bread

Posted on 2015-10-30 by

If you read the last installment, you’ll recall that I had to do a bunch of shuffling of my baking schedule as a result of a critical ingredient not being available. As a result, I ended up moving a pumpkin cake recipe that I was planning to do for Thanksgiving week up three weeks, to this coming weekend. It calls for a cup of pumpkin, and that sent me scurrying to find other recipes that I could use the rest of that bag of frozen pumpkin purée — you see, a cup of pumpkin is about 9½ ounces, but most pie recipes call for 15 ounces (the modern standard can size) or a whole pound (the old standard can size, and thus the weight I use when putting up my own homemade pumpkin purée). I thought I had found a recipe that used ¾ cup, which would have been close enough, but on rereading I decided that it was too involved, and went to look for another recipe. I ended up doing the pumpkin bread recipe from King Arthur Flour’s Whole Grain Baking (Countryman Press, 2006; p. 51), but that also calls for a cup of pumpkin — so I had to thaw a second package of purée anyway! We’ll see what I can manage to do with the remaining 13 ounces. In the mean time, here’s a quick review of this excellent quickbread:

Mise en place
This bread is made by the creaming method, starting with a stick (110 g) of butter, 1¾ oz (50 g) of granulated sugar, and 7½ oz (215 g) of brown sugar; I used India Tree brand dark muscovado for the brown sugar, which brings a wonderful molassesey moistness to pretty much everything. The other wet ingredients are three large eggs, a teaspoon of vanilla, and the aforementioned cup (9½ oz, 270 g) of homemade pumpkin purée. On the dry team, it’s 100% whole-wheat flour, half a pound (225 g) of it, along with a teaspoon of baking soda, half a teaspoon each of baking powder and salt, the usual spices (½ tsp cinnamon, ½ tsp cloves, and ¼ tsp freshly grated nutmeg), three ounces (85 g) of chopped nuts — I used pecans, toasted of course — and 4½ ounces (130 g) of dried fruit. Since it is that time of year, I chose to use dried cranberries for my fruit, but you could use raisins or dried cherries instead.

Creamed butter and dark muscovado
This quickbread is made, as I said, by the creaming method, and one stick of butter is just not enough to cream in the stand mixer, so I got out my hand mixer and creamed the butter alone (this involved some swapping of containers) before adding the sugars and beating well. One downside of the dark muscovado is that it can be a bit lumpy — I generally find that the lumps bake out just fine, but it can be a bit disconcerting to look down in the bowl and see all these brown lumps interrupting your nice creamed butter-and-sugar mixture.

Butter, sugar, and egg mixture
The three eggs are added, one at a time, scraping the bowl between each addition, along with the vanilla. At this point, it looks as much like a cookie batter as a bread dough, although with three eggs it has more water and less fat than most cookies.

Now with added pumpkin!
Because the dark muscovado is so dark, it’s not that easy to tell that the pumpkin purée has been added. At this point, the flour, leaven, and spices are sifted together in another bowl, then carefully mixed in — I put down the hand mixer and just folded with a spatula — followed by the nuts and dried fruit. The dough, although thicker, is still pourable at this point, and it is baked in a prepared 9×5-inch (230 mm×130 mm) loaf pan at 350°F (175°C) for about an hour, until a tester inserted in the center comes out clean.

Baked and cooled loaf of pumpkin bread
After cooling in the pan for about 20 minutes, the pumpkin bread is depanned and allowed to cool completely on a wire rack; this is important to ensure that the crust doesn’t get soggy. (If you like soft, sticky crusts, by all means leave it in there, but I prefer some texture.) You might think this bread was overbaked by the way it looks on the outside, but that’s really a result of the dark brown sugar. Once cool, it can be wrapped in a clean tea towel until ready to portion and serve.

Sliced pumpkin bread in Tupperware container
Of course for me, “portion and serve” means “pack up to bring to work and feed my colleagues” — which is just what I did. The recipe headnote says that it makes 16 servings, and I think that’s pretty reasonable. Rather than trying to cut 16 even, thin slices crosswise, I chose instead to slice the loaf in half lengthwise, and then cut 8 crosswise slices, giving the appearance of a more substantial serving (so much so that several tasters wanted to cut my pieces in even smaller chunks).

Pumpkin bread on cutting board, showing cross-section
I think both the pecans and the dried cranberries were fabulous here, adding just the right amount of texture, and the perfect complement to the molasses flavor of the dark muscovado and the hearty whole-wheat flour. I did not receive a single negative comment on this one, not even from tasters I know to be fussy and exacting. Highly recommended.

Nutrition

Nutrition Facts
Serving size: 1/16 of a 9×5″ loaf
Servings per recipe: 16
Amount per serving
Calories 235 Calories from fat 99
% Daily Value
Total Fat 11g 16%
 Saturated Fat 4g 21%
Trans Fat 0g
Cholesterol 50mg 17%
Sodium 198mg 8%
Potassium 41mg 1%
Total Carbohydrate 34g 11%
 Dietary fiber 3g 12%
 Sugars 21g
Proteins 4g 7%
Vitamin A 16%
Vitamin C 0%
Calcium 4%
Iron 6%
Posted in Food | Tagged , , , ,

Recipe quick takes: Zoe Nathan’s Chocolate Banana Walnut Cake

Posted on 2015-10-28 by

This past weekend, I was supposed to be doing Black Chocolate Stout Cake from Ovenly, but Black Chocolate Stout wasn’t available the weekend before, so I had to change my plans. As it turns out, it won’t be available until mid-November (when I’ll be traveling anyway), so I had to change plans even more extensively, but let’s not get ahead of matters. The easiest thing to do was to simply move up the cake I was planning on for next weekend, “Chocolate Banana Walnut Cake” from Zoe Nathan’s Huckleberry (Chronicle Books, 2014; p. 86) — but of course I had to make that decision two weekends ago, so that the eight bananas the recipe calls for would have time to ripen. Here’s how it went:

Mise en place
We start as usual with the mise en place. The pie plate at right contains the mashed remains of five bananas; the other three fruit would be sliced up to go on top of cake right before baking, so I haven’t even peeled them yet. The other wet ingredients are 100 g of sugar, two large eggs, a stick (112 g) of unsalted butter, one cup (240 ml, or about 1½ standard 170 g containers) of plain whole-milk yogurt, and two teaspoons of vanilla. On the dry team, we have 130 g of all-purpose flour, 90 g of traditional (red) whole-wheat flour, 30 g of almond meal, half a tablespoon each of baking powder and soda, a teaspoon of kosher salt, 130 g of chopped dark chocolate (I used Valrhona Manjari), and 60 g of toasted, chopped walnuts (I used black walnuts).

Butter and sugar before creaming
The recipe calls for creaming the butter and sugar together in a stand mixer, but the amount of both is so small that my stand mixer’s paddle would barely make contact, so I used a hand mixer instead. This cake certainly doesn’t need to be mixed in a six-quart bowl.

All the wet ingredients mixed
After creaming, the recipe would have you dump all the rest of the ingredients in at once, or so it reads to me at least. I took a more judicious approach, adding all of the remaining wet ingredients, so I could still use the electric mixer, before folding in the dry ingredients (salt and leavening having been previously mixed with the flours).

Fully mixed cake batter
After folding the dry team into the wet, the cake batter is ready to pan up. Nathan suggests a variety of different pan formats in the recipe headnote, but the instructions are written for a ten-inch (25 cm) round cake pan, so that’s what I used. I used baking spray to adhere a parchment round to the bottom of the pan, then coated the entire pan with more baking spray for a clean release. Before baking, the remaining three bananas are sliced crosswise and arranged atop the batter, then sprinkled with an additional two tablespoons of sugar. The cake was baked in a 350°F (160°C) oven for just over an hour — the recipe gives an overprecise figure of 65 minutes — until a tester came out clean.

Baked cake, cooling in pan, showing overflow
The cake cools for about 15 minutes in the pan, so that the starches have time to set up. You can see that the cake batter overflowed slightly (I wish I had remembered to take a picture of the unbaked batter so you could compare), but it didn’t make too much of a mess. As the cake cooled it pulled away from the side, but I gave it a bit of help with a paring knife to ensure that it wouldn’t stick anywhere and crack.

Inverting cake onto board
After 15 minutes of cooling, I inverted the cake onto a parchment-wrapped cutting board. Nathan says to carefully remove the parchment from the bottom, but I found that the parchment stuck to the pan when I pulled it off, saving me the effort. (The baking spray probably helped.) Some of the tasters would have preferred a bit less browning on the edges and bottom; these lightweight anodized-aluminum cake pans transmit heat rather too well.

Finished cake, right side up, on cake stand
After removing the pan, one more flip was required to put the cake right-side-up on my cake stand.

Unfortunately, I don’t have a photo of an individual slice to show you, as I was in a hurry to get to work Monday morning and didn’t pre-slice the cake like I usually do. I can tell you that the crumb was coarse, reminiscent of a quickbread, but very tasty. The chocolate chunks settled, for the most part, around the bottom and edges of the cake, which turned some tasters off; one taster complained about the banana slices on top. I felt the walnuts were probably wasted here: I certainly didn’t notice them, despite the fact that I had used black walnuts, which normally have a very distinctive flavor. Sue Felshin commented that she would have preferred banana-walnut cake, or chocolate-banana cake, but didn’t think the combination of all three was very successful.

Nutrition

Based on using Valrhona Manjari 64% for the chocolate chunks.

Nutrition Facts
Serving size: 1/12 of a 10″ cake
Servings per recipe: 12
Amount per serving
Calories 396 Calories from fat 171
% Daily Value
Total Fat 19g 30%
 Saturated Fat 9g 44%
Trans Fat 0g
Cholesterol 54mg 18%
Sodium 341mg 14%
Potassium 393mg 11%
Total Carbohydrate 54g 18%
 Dietary fiber 6g 23%
 Sugars 28g
Proteins 8g 16%
Vitamin A 7%
Vitamin C 1%
Calcium 8%
Iron 4%
Posted in Food | Tagged , , , , | 2 Comments

Recipe quick takes: Joanne Chang’s Double Chocolate Whoopie Pies

Posted on 2015-10-25 by

Snap quiz: What do you do when you have leftover crème fraîche you don’t know what to do with? There aren’t as many options as you’d think, at least not until you start doing serious recipe development (ok, how much buttermilk plus butter can you swap out for an ounce of crème fraîche?) so the obvious answer is, “Look at a Joanne Chang cookbook and see if there’s a recipe that calls for the exact amount you have left over (or close enough to it).” You can, of course, use your leftover crème fraîche to make more crème fraîche — perhaps if you’re looking for some homemade butter that would be a good option, so long as you’re sure what you’ve got has the right bacterial cultures in it (and they’re still alive). But Joanne Chang uses crème fraîche a lot, so you can pretty much always find a recipe that combines it with a bunch of pantry ingredients to make something tasty. So it was for me, after making her Midnight Chocolate Cake (which calls for only a small amount of crème fraîche) — despite being already cultured, the stuff still doesn’t keep forever, so I had probably not more than a month to use the rest of it.

That brought me to Baking with Less Sugar (Chronicle Books, 2015). My issues with the misconception underlying this cookbook have been discussed in previous articles, and readers would do well to take into consideration that Chang doesn’t actually mean “baking with less sugar”, she means “baking with less granulated sugar called out as an explicit ingredient“, which is of no great virtue. Still, there’s nothing wrong with these recipes, so long as you don’t confuse them for dietetic products — 17 grams of sugar is 17 grams of sugar, regardless of whether you put it in yourself or Valrhona puts it in at the chocolate factory. Thus we come to “Double Chocolate Whoopie Pies” (p. 72), a recipe in which nearly all of the sugar comes from the chocolate which is used to flavor both the cakes and the filling (the rest being from the dairy ingredients). The recipe is very simple, requiring few ingredients beyond a pound of melting chocolate, the usual pantry staples, fresh cream, and the aforementioned crème fraîche. Here is how it goes:

Mise en place for cakes
Each whoopie pie will be a sandwich of two cakes and a simple ganache filling, so we start by making the cakes. (If you’re in a hurry, you should probably start with the ganache instead — it will need to set for several hours until it’s spreadable, which will take longer than the cakes will need to cool.) The wet ingredients are 85 g of unsalted butter, 120 g of crème fraîche, two large whole eggs, two egg yolks, two teaspoons of vanilla, and 280 g of bittersweet chocolate. (I used Valrhona Caraïbe 66% “feves”, or baking discs, which have the benefit of not needing to be further chopped before melting.) The dry team consists of 140 g of all-purpose flour, a teaspoon of baking powder, and half a teaspoon each of baking soda (to neutralize the crème fraîche) and kosher salt.

Chocolate and butter melted together
The first step is to melt the chocolate and butter together, either in a double boiler, or (much simpler) in the microwave. When melting chocolate in the microwave, it’s best to go in 20-to-30-second bursts, then stir, lest hot spots develop — otherwise it’s very likely that some of your chocolate will overheat and burn before it’s all melted. (The double boiler prevents this by uniformly warming the chocolate with the heat of the steam as it hits the bottom of the bowl and condenses, thereby limiting the temperature to the boiling point of water — but it’s still important to stir!)

All of the wet ingredients after mixing
After whisking in all the rest of the wet ingredients, the mixture has become somewhat more glossy; this is primarily a result of the egg whites. The dry ingredients are then stirred or folded in using a spoon or a rubber spatula, and the batter must be allowed to sit at room temperature for about half an hour to thicken and cool to room temperature. While it’s thickening, the baking soda and baking powder are also releasing carbon dioxide into the batter, forming bubbles that will determine the final texture of the cakes.

Last batch of nine cakes
I used a #40 disher to portion out the cakes onto parchment-lined cookie sheets. This gave me 21 cakes in total, which (being an odd number) is one too many — so I ate the extra one. (Chang describes the correct portion as “golf-ball-size”, so I went through all the dishers in my drawer to find the one closest to that size. Dishers are sized by the number of scoops to the quart, so this is 4/5 of a fluid ounce; you can usually find the size stamped or etched on the “sweeper” blade.) They are baked in a 325°F (160°C) oven until “just barely firm when touched in the center”, which for me took 14 minutes.

First batch of twelve cakes, cooling
The first batch of cakes came out of the oven with a rather more irregular surface texture than I was expecting, given both my prior experience with whoopie pies and also the photos in Chang’s book. I wonder if my oven is a bit too hot? (Should have checked my oven thermometer first!)

Now it’s time to make the filling, which is a standard ganache made with 170 g of chocolate (I used the slightly stronger Valrhona Guanaja 70% for this one) and 180 g (¾ cup) of heavy cream. The usual procedure applies: scald the cream, pour over the chocolate, let stand for 30–60 seconds, whisk until smooth, then let cool to room temperature or until the desired consistency is reached. In this case, it needs to be spreadable; if the ganache is applied to the cakes before it has firmed up enough, it will ooze out of the middle of the sandwich rather than forming a stable filling.

Matching cakes of similar size
Once both sheets of cakes have cooled fully on a wire rack, it’s time to prepare them for applying the filling. This mostly means sorting them: for the best sandwich effect, you want the filling to stay on the inside, which means finding cakes that are very nearly the same size and shape on the bottom. I arrayed them all on my cutting board and then swapped the mismatches until I was happy with the result.

Ten assembled whoopie pies
Using an offset spatula, spread the ganache between two cakes and press together to adhere. This recipe makes ten whoopie pies, although I had a couple tablespoons of leftover ganache (<burp>) to go along with my one extra cake.

A single whoopie pie
The result says more “sandwich cookie” to me than what I’m used to in a whoopie pie: commercial bakery whoopie pies (which seem to all be pumpkin-flavored this time of year) are more muffiny in texture, and the cakes are moist and sticky on the outside while still being crumbly and friable when you bite into them. These, on the other hand, are much drier, both outside and in, and more tender, but have a far richer filling than the usual hyper-sweet frosting than is usual for a bakery whoopie pie. So I’d say there are upsides and downsides to Chang’s version here. I wouldn’t mind doing a side-by-side with her “Oreo” sandwich cookies (how has she not gotten sued by Mondelez yet?), which aren’t anything like the real Oreos in anything but color, but share a lot of textural similarities with these whoopie pies.

As I’m writing this on a Saturday, I haven’t had a chance to share these with my coworkers — that will take at least until Tuesday, which is well before my self-imposed deadline for publishing this post.

Nutrition

Based on using Valrhona Caraïbe 66% for the cakes and Valrhona Guanaja 70% for the ganache filling.

Nutrition Facts
Serving size: 1 sandwich
Servings per recipe: 10
Amount per serving
Calories 470 Calories from fat 315
% Daily Value
Total Fat 35g 54%
 Saturated Fat 22g 109%
Trans Fat 0g
Cholesterol 114mg 38%
Sodium 184mg 8%
Total Carbohydrate 26g 9%
 Dietary fiber 6g 23%
 Sugars 17g
Proteins 7g 14%
Vitamin A 11%
Vitamin C 0%
Calcium 7%
Iron 13%
Posted in Food | Tagged , ,

Other people’s recipes: Joanne Chang’s Boston Cream Pie

Posted on 2015-10-23 by
Half-sheet pan lined with parchment

This gallery contains 15 photos.

Boston Cream Pie creates a lot of confusion. While it is from Boston, it doesn’t necessarily have any cream in it, and it’s a layer cake, not a pie. Opinions differ greatly on what the cake should be filled with: … Continue reading

Gallery | Tagged , , ,

Other people’s recipes: Joanne Chang’s Midnight Chocolate Cake with Milk Chocolate Buttercream

Posted on 2015-10-16 by
Mise en place for cake

This gallery contains 16 photos.

When I started my summer baking project last June, I did not expect one recipe to be head-and-shoulders more popular than all the others: Joanne Chang’s “Midnight Chocolate Cake with Milk Chocolate Buttercream” from Flour (Chronicle Books, 2010; p. 162). I … Continue reading

Gallery | Tagged , , , , ,

Recipe quick takes: Emily Luchetti’s Ricotta Cheesecake with golden raisins and tart cherries

Posted on 2015-10-12 by
Mise en place

This gallery contains 9 photos.

This was one of two cheesecake recipes I was originally considering making for my grandmother’s birthday back in August. I put this one off indefinitely, but when my travel (or lack thereof) plans became a bit clearer, I added it … Continue reading

Gallery | Tagged , , ,

We tasted some chocolate

Posted on 2015-10-09 by

I’ll have a writeup on Emily Luchetti’s “Ricotta Cheesecake with golden raisins and tart cherries” later this long weekend. In the mean time, I’ve written up the results of a chocolate tasting from Monday. Here’s my conclusion:

This was a difficult contest to judge, and (counting ties) six different products received a first-place vote. The overall winner, with two first-place votes, two second-place votes, and one third-place vote, was TCHO 66% dark chocolate discs. In second, with one first-place vote and three second-place votes was Valrhona Caraibe 66% feves. Third went to the Guittard 66% dark chocolate discs, with one first-place vote and two second-place votes, followed by the same company’s 38% milk chocolate discs, which received two first-place votes, in fourth place. Rounding out the results, Valrhona Guanaja feves came in 5th, Guittard 74% discs came in 6th, the two Madécasse discs tied for 7th, and the non-chocolate “dark melting discs” from Ghirardelli came in dead last.

You can read excerpts of the tasters’ individual comments on our wiki.

My overall conclusion is that the tasting conditions were less than ideal, because these products (with one or two exceptions) aren’t really made to be eaten out of hand, they are intended to be melted and used either as a flavoring ingredient (as in brownies or ganache) or directly as a glaze to be applied to some other food. If I had a test kitchen of my own, full of trained cooks all ready and eager to do my bidding, I would take one standard recipe for chocolate brownies and one for truffles, and have the staff make both, varying only the chocolate, and then taste the results. (That would imply leaving out my two “ringers”.) Alice Medrich thoughtfully provides the appropriate recipe adjustments for most of this range of chocolates in her book Seriously Bitter Sweet.

Posted in Food | Tagged ,

In defense of client certificates

Posted on 2015-10-05 by

There is a move afoot among Web browser developers to remove an authentication mechanism that many enterprises depend on: SSL/TLS with X.509 client certificates. Client certificate support, along with related functionality for enrollment of clients, was first implemented in Netscape 4 (it’s that old), but since browser developers don’t work for big enterprises (leaving IE aside for the moment) they never exercise this functionality — and as a result it is frequently broken and the UX can be pretty horrible. Nonetheless, it’s very important functionality for a lot of enterprises, and I’ve been asked to write a bit about my experience. I have a unique perspective: I work at one of the host institutions for the World Wide Web Consortium, and not only do I operate an enterprise certificate authority, I have actually written an enterprise certificate authority that is in daily production use.

Some legitimate complaints

At work, we depend extensively on client certificates for authentication, and we consider this functionality extremely important, for reasons I’ll get into in detail below. Nonetheless, we receive numerous complaints from users about the use of certificates, and I wanted to be up-front about some of these complaints and explain the legitimate reasons for them. Here are the biggest complaints we receive:

It doesn’t work in $BROWSER!

This has always been true for IE, but almost nobody cares about IE any more — we have very few Windows users. With a great deal of effort, I made it work in IE, once, until Microsoft broke the only documented interface for doing certificate enrollment with the release of Windows XP SP2 (which gives you some idea how long ago this was). Microsoft has some specific requirements for certificate enrollment, driven by the legitimate needs of their enterprise customers, which made it impossible to use the enrollment mechanism as Netscape originally specified it — but their alternative required a large amount of proprietary browser-side programming, and of course makes the usual assumption of Web people that you have a team of twenty full-time devs working on every site so it’s OK to flash-cut programming interfaces with no transition period, warning, or even conversion documentation.

Today, we usually hear this complain with regard to Google Chrome. Chrome uses the “native” certificate store for each platform it runs on, but the Chrome developers never fully implemented the enrollment protocol, so it can’t parse what it gets back from our CA — and doesn’t explain why it didn’t work (I suppose “WCBA to implement the full standard and we’re Google so we don’t have to follow standards” is a bit much to ask for an error message but wouldn’t some honesty be nice?).

It works on $SITE_X but it doesn’t work on $SITE_Y!

There are several ways that this can happen, one of which is a clear failure on our part, but the others are just bad browser implementation. We screw this up as a result of not having fully migrated all of our services to our modern configuration management system, so some Web servers are simply misconfigured (don’t have the proper certificate chain, have an expired copy of the Client CA certificate, or do other things that just don’t work reliably).

The browser people, on the other hand, typically break this by doing something evil: browsers now love to go off and fetch random URLs they happen to have seen at times when users aren’t expecting them, causing the client-certificate-selection dialog to pop up when the user is doing something totally unrelated. The confused user will often cancel out of the dialog, or select a certificate related to the thing they actually are trying to do, which the browser will “helpfully” cache for the rest of the browser session — and certificate selection state can only be cleared by exiting the browser! So (to give an example we recently discovered), a user who goes to our main Web site might look in the “Resources” menu for a link to a staff-only resource that is certificate protected. If that user is using a recent version of Firefox, merely hovering over one of these links will cause the browser to open a connection to the server (which is evil and vile and wrong for a whole bunch of reasons, not least of them privacy and security), which will cause a certificate-selection dialog to pop up for no apparent reason. If the user hits “cancel”, and they have the “remember this choice” checkbox selected (the alternative, “ask every time”, is even more horrible), they will not be able to access that service using their certified identity for the life of the browser session. (Many of our sites allow guest access, so they may be able to see the site but find themselves unable to do anything. But even on sites that absolutely require a certificate, Firefox will never present the certificate selector again, no matter what error is returned by the server, so the user is just stuck.)

It worked yesterday but now it doesn’t!

As something of a corollary to the previous problem, browsers tend to deal horribly with the fact that certificates expire, and not all that well with the fact that clients may have multiple identities attested by certificates from different authorities. Our experience (again, mostly in Firefox) is that browsers will cheerfully allow users to select certificates that are flat-out invalid, and then fail, even when the server clearly indicates that this isn’t going to work. Some other browsers (not Firefox in this case) ignore the list of acceptable client CAs sent by the server and allow the client to select a certificate that the server cannot possibly validate, or if they can validate it, contains no useful information about the user’s identity. (I’m looking at you, Safari!) It is perfectly legitimate to hang on to expired certificates (and their corresponding private keys), particularly if they are marked (as ours are) as being valid for use in email encryption, but users should never be invited to initiate a new communication, whether HTTPS or email, using an expired certificate.

We have this issue perhaps more than some other enterprises because our users have two distinct identities, each of which has an associated client certificate, and these certificates are issued by different CAs and expire at different times. (Our parent organization issues certs that expire annually on July 31; our CA — the one that I wrote — issues certs that expire 365 days after issue, or when the user’s account expires, whichever comes first.) We could and probably should fix this, by aligning our certificate (and account) expiration policies with our parent’s, but it does highlight the confusion caused by poor browser implementations.

So why do I think certificates are a good thing?

With all these problems, you can imagine that there’s a lot of pressure to stop using client certificates for authentication. Nonetheless, we continue to use them, and if the browser vendors can be persuaded not to break them, we will probably keep on doing so for some time in the future. We do have reasons for this, which I expect a lot of VC-fueled Web developers probably won’t understand (or will chuckle and say “oh, I remember when people used to do that…”). But client certificates really do solve real problems for us, for which there simply is no alternative.

Phishing

Our users are subject to many phishing and related social-engineering attacks, not all of which can be detected or prevented by our email system. Client certificates are supposed to be impractical to forge, and the browser-based UX for certificate enrollment, although it sucks mightly in many ways, is very difficult to counterfeit without directly compromising the browser itself. We regularly and repeatedly emphasize to our users that they should never under any circumstances give their password to any Web site, or store it in any sort of persistent storage, except when requesting a client certificate from our CA. We don’t even implement a password-change Web page, as our parent organization does: if you forgot your password, you’re going to have to bring a photo ID to the helpdesk to change it. If the users do as we ask (which of course we can’t ever guarantee), the CA is the only Web server that will ever have access to their actual login passwords, and since access to the CA is carefully controlled, the possibility of compromise is limited. Thus far we have never seen a phishing attack, not even a spearphishing attack, that actually walked the user through exporting their private key from the certificate store and transmitting it to an attacker. (Not to suggest that such things couldn’t happen, but even our least-sophisticated users would likely realize something was up. This is also the threat model which hardware security modules and smart cards were designed to address.)

Shared Web servers

The vast majority of our Web content is served directly from shared network filesystems by general-purpose Web servers running Apache. Users need to limit access to some of this content, and it is simply not safe for these servers to allow users to use their normal passwords for authentication. The combination of Apache .htaccess files and client certificates allows us to give all our users individual control over who is able to access their internal-use content, without expecting them to securely set up and manage password-based authentication — even if we didn’t know full well that most of them don’t have that sort of expertise. (We have a difficult enough time when they install third-party software that expects them to do this; our officially supported Web server platform shouldn’t lead them down a path we know to be a serious problem.) Many alternative solutions assume that Web servers run a single application with a unitary model of access control, such that URL-space can be neatly partitioned into “public” and “private” in a way that simply doesn’t fit this use case at all.

Offline, third-party verification

Unlike nearly every alternative that’s been proposed, X.509 certificates by their very nature allow offline verification. A Relying Party can validate a certificate without revealing to the Identity Provider that it is doing so, or that any particular user is being authenticated. This is an important and powerful privacy protection — even in the case, as in our organization, where our CPS explicitly says “if you aren’t part of our organization you shouldn’t be relying on our certificates”. Nobody needs my consent, or even my cooperation, to validate the certificates I issue: all they need is a copy of my CA’s certificate, which they can easily get from the CA itself or from anyone who already holds a client cert. (There are some legitimate issues surrounding certificate revocation which, depending on your security requirements, may require online checking — to preserve privacy, browsers could implement OCSP stapling for client certificates. We don’t implement OCSP, and while we do publish CRLs for all of our CAs, I’m not aware of any RPs, internal or otherwise, who actually consult them. In general, certificate validity is not a substitute for authorization checks, although many of our services are open to all authenticated users.)

User control of authentication identity

As I mentioned above, users can have multiple identities, and the browsers do a (just barely) serviceable job at letting them choose which identity they want to present for any particular service. This allows a Relying Party (including some of our servers) to authenticate users as members of our organization, or as members of our parent institution, depending on what certificates they choose. More generally, there is no assumption that the user has a single, unitary identity that will be used across every service (both Web and non-Web) that they need to authenticate to; they can choose the identity that is appropriate for the action they wish to undertake — just as they can with traditional username/password authentication. Furthermore, the certificate-selection dialog, at least as it exists now, is uncounterfeitable — there is no way for malicious JavaScript to trick the user into providing a certificate to a Web site without being aware of it. (This was a bug in Netscape and old versions of Firefox, which defaulted to “select a certificate automatically”, allowing citizens of some countries to be tricked into revealing their national-identity certificates to third parties.)

It already works

My entire enterprise CA, including revocation, enrollment, and CRL management, is implemented in less than 4,000 lines of Ruby code. This was only possible because the important parts — the basic X.509 functionality, SSL/TLS, and certificate enrollment — are implemented in established software systems with stable programming interfaces. Certificate enrollment, in particular, is a minefield: absent the Netscape <KEYGEN> element and related hacks, it would require multiple developers with a great deal of security and platform expertise to support enrollment across six platforms, five browsers, and a handful of non-browser applications — developers my shop just doesn’t have and never will. Any proposed replacement that isn’t cross-platform, requires a significant amount of browser-side programming, or doesn’t support non-browser applications, is a non-starter for us.

So what’s wrong with the status quo?

Given all this, you might ask why the browser people hate client certificates and want to get rid of the enrollment functionality. I have to believe a big part of it is simply that they don’t live in the sorts of enterprises that make extensive use of certificates. Most private-label CAs are implemented by Microsoft shops, and Microsoft supports these users with dedicated features and options in Windows Server and IE — but those shops are generally very large, have a significant investment in Microsoft-specific solutions, and are able to simply order their users to use IE for corporate business. As a result, there is probably less pressure on the other browser vendors (Apple, Mozilla, and Google) to get this stuff right, or even implement it at all — as witness the fact that Chrome never has. There are a few more specific objections that are brought up, which are for the most part specific to how certificate enrollment works today (with <KEYGEN> and related hacks), which are worth going over.

The UX is horrible

Well, whose fault is that? You’re the browser vendors, you control the whole UI, you can fix it.

It breaks the Same Origin Policy

This is a matter of dogma to the browser people approaching the status of a religion, and in the case of client certificates it misses the whole point of why we want client certificates in the first place. That being said, I can see no reason to object to implementing a mechanism that would restrict client certificates to a specific set of origins — either as an X.509v3 extension in the certificate (so it could be signed by the CA) or as part of the enrollment process, so long as the CA was free to say “any origin is OK by me”). This assumes, of course, that the principle of user choice is maintained: I should be able to choose, on a site by site basis, whether to present a certificate at all, and if so, which one. (And, unlike in all current browser implementations, I should be able to change my mind without restarting my browser session!)

It uses MD5

This is a very specific objection to the Netscape-originated signedPublicKeyAndChallenge object used in the <KEYGEN> protocol, and for some use cases it’s entirely legitimate. For a CA like mine, it’s totally irrelevant: the only thing I care about from the SPKAC is the public key itself, since I’ve received it over a secure channel from an authenticated user. The signature on the SPKAC object serves as proof that the user submitting the enrollment request is actually in posession of the private key corresponding to the public key. But you still have to actually have the private key in order to be able to authenticate to our other servers, so forging an SPKAC doesn’t buy you much (and leaves fingerprints behind in the CA logs). If you could forge an SPKAC corresponding to some other user’s public key, you would be able to pass off a document signed by that other user as your own, which is not trivial, but also not a significant threat in our environment where certificates are only issued to authenticated local users. For a public CA issuing certificates for code signing or privacy-enhanced mail, this is a serious issue.

The solution to this problem is pretty simple: get rid of the signedPublicKeyAndChallenge object and use a standard PKCS#10 certificate signing request instead — which is what Microsoft already does in IE. I’d argue that the way it should actually work is as follows:

  1. User authenticates to CA.
  2. CA generates an unsigned “proposed CSR” object, filled in with subject DN and extensions as the CA intends to issue the certificate (including origin restrictions as noted above).
  3. Browser presents a counterfeit-resistant dialog to the user indicating that they are about to request a certificate which will identify them as such-and-so and giving them the opportunity to refuse
  4. Browser generates a keypair according to the CA’s stated requirements and signs the CSR, then submits the CSR to the CA via a form submission or JS callback.
  5. The CA responds, perhaps immediately, perhaps at some remove of time, with a signed certificate.

Note that enterprise CAs will typically ignore most or all of the identity information contained in a PKCS#10 object in favor of out-of-band authentication (what’s what I did for old IE enrollment) — but having a CSR signed by the user with those fields in it is valuable evidence of consent, which the signedPublicKeyAndChallenge does not offer.

The certificate installation media type is a horrible hack

Yup. I’d be happy to do it some other way, so long as the client-side programming required for it is (a) minimal and (b) standardized across all browsers. Currently only Firefox supports it properly (as might be expected since they inherited the code from Netscape that was the original implementation).

We have business requirements for private keys that <KEYGEN> doesn’t support

This is the Microsoft argument, and it’s a legitimate one: one particular common requirement is that private keys be generated inside a smart card, TPM, or similar tamper-resistant device such that they cannot be exported from the device. <KEYGEN> has no way to express that, and that’s why IE never implemented it. There are also policies related to public key length (many CAs now require 2048-bit keys, but it’s impossible to tell the browser what length to generate), not to mention which algorithms to use. (I want my ECDSA!) It is probably impractical to capture all of the possible policies that an enterprise CA might want to enforce, but I believe most of them can be implemented with essentially two mechanisms: first, a way to require non-exportable keys; and second, a JavaScript callback that can filter a set of (implementation, cryptosystem, key-length) tuples prior to key generation. It may also be necessary to allow the use of keys which were previously loaded into a device rather than always generating new ones (e.g., if generating keys centrally for corporate key escrow). An enterprise CA might, for example, require non-exportable keys generated by a specific PKCS#11 smart-card module using the built-in PKI support on a company-issued Yubikey NEO.

Conclusions

I hope I’ve managed to describe some of the motivation for wanting client certificates to continue to work, and described some appropriate low-impact solutions to the legitimate issues that they do raise.

Update (2015-10-12)

Happy Canadian Thanksgiving! I see from the stats that this post got referenced on Hacker News, and most of the comments seem to be saying “Oh, simple, $HUGE_PILE_OF_CLIENT_SIDE_JAVASCRIPT will fix that.” You go build the necessary support for Apache to handle that on 100% static Web sites with .htaccess-based authorization and I’ll consider that a workable replacement. It isn’t today, and I’d be surprised if it’s workable even in two years’ time (given our server upgrade schedule).

Posted in Computing | Tagged , , , , , , | 8 Comments

Summer baking and autumn baking

Back in August, I posted “Coming Attractions (redux)“, a status update for my summer baking project. Summer is now over, and we’re well into autumn by any definition, so it’s time to review what I actually did (it wasn’t exactly like what I planned on doing) and look forward to the rest of the year. First off, what I plan on doing for the rest of the fall:

10/7
Luchetti: Ricotta cheesecake with dried cherries & golden raisins
10/13
Flour: Midnight Chocolate Cake
10/19
Flour, too: Best Boston Cream Pie (substitute soaking syrup)
10/25
Ovenly: Black Chocolate Stout Cake with Salted Caramel Cream Cheese Buttercream (subject to availability of Brooklyn Brewery Black Chocolate Stout in the package store — I checked on 10/3 and it wasn’t available yet but they did expect to get it when it does come)
11/1
Huckleberry: Chocolate Banana Walnut Cake
11/8
[travel]
11/15
[travel]
11/22
Luchetti: Pumpkin Upside-Down Cake
11/29
[travel]
12/6
Whole Grain Baking: Carrot Cake
12/13
Brody: White Chocolate–Orange Pound Cake
12/20
Ovenly: Brooklyn Blackout Cake

Late afternoon update: I’ve now filled out the schedule for the winter as well. As always, this is not a commitment, but a guide that I will alter depending on my schedule and pantry contents.

12/27
Flour: Deep Dark Spicy Gingerbread
1/4
Medrich: Bittersweet Deception
1/11
Bloom: Butterscotch and Toasted Walnut Pound Cake
1/19
Bloom: Chocolate and Caramel Layer Cake
1/25
Moosewood: Cinnamon-Honey Coffee Cake
2/1
Costantino: Africano
2/8
Brody: Chocolate Pound Cake
2/16
Costantino: Torta Gattopardo
2/22
Flour: Famous Banana Bread (or the alternate version from Baking with Less Sugar)
2/29
Medrich: Bittersweet Roulade
3/7
Ovenly: Gooey Honey Blondies
3/14
Alford/Duguid: Banana Coconut Bread

Unscheduled

That leaves the following recipes from my original list unaccounted-for:

  • Flour: Double Chocolate & Orange Semifreddo (as a frozen dessert, should probably have been left off the list — I wasn’t going to be bringing this in to the office to share even if I did make it)
  • Brody: Chile Cha-Cha Brownies
  • Brody: Chocolate-Raspberry Torte [2 requests]
  • Luchetti: Walnut Cake with Chocolate-Orange Sabayon and Vanilla Crème Anglaise [2 requests, but dropped due to excessive coffee flavor]
  • Moosewood: Dark Chocolate Layer Cake (substitute frosting) [1 request]
  • Whole Grain Baking: Banana Crunch Cake
  • Whole Grain Baking: Peanut Butter Cream Pie [2 requests]

Some of these are possible mid-season replacements or may be doable as a midweek project if I feel ambitious in the fall. Likewise, the following recipes (which really should be listed on my Recipe Pointers page) were not included on the original list of recipes, but might get added later on, or swapped for something else to use up perishable ingredients:

  • Costantino: La Deliziosa
  • Costantino: Dolci di Noci
  • Costantino: Barchiglia (chocolate-glazed almond tart with pear)
  • Flour: Double Chocolate Cookies
  • Brody: Peanut Butter Cups
  • Brody: Denver Chocolate Pudding Cake
  • Medrich: Chocolate Cheesecake
  • Bloom: Butterscotch Blondies
  • Bloom: Nutty Caramel Bars
  • Greenspan/Hermé: Chocolate Sparklers

In addition, I (stupidly) continue to buy cookbooks. Among the cookbooks I already own but have yet to scan for recipes are Rose Levy Beranbaum’s Baking Bible, Ruby Tandoh’s Crumb, Fritz Knipschildt’s Chocopologie, Mindy Segal’s Cookie Love, and Hannah Miles’s Naked Cakes. So of course everything is subject to change, and I could get tired of this and move on to something else at a moment’s notice.

Already done

6/24
Flour: Ginger Molasses Cookies
6/29
Whole Grain Baking: Daffodil Cake
7/1
Whole Grain Baking: Banana–Chocolate Chip Squares
7/6
Luchetti: Berry–Crème Fraîche Cake
7/8
Whole Grain Baking: Butter-Nut Blondies
7/13
Brody: Chocolate-Hazelnut Torte
7/15
Nathan: Banana–Poppy Seed Muffins
7/20
Moosewood: Coconut Lemon Layer Cake
7/22
Ovenly: Coconut, Chocolate & Brown Butter Blondies (with oat variation)
7/27
Costantino: Torta di Pistacchio (with crema di pistacchio filling)
7/29
Flour, too: Brown Sugar–Oat Cherry Muffins
8/2
Rosie’s: Caramel-Topped Pecan Cheesecake
8/5
Moosewood: Black & White Brownies
8/10
Moosewood: Texas Italian Cream Cake
8/12
Brody: Chocolate–Peanut Butter Shortbread Bars
8/17
Costantino: Cherry–Almond Cake
8/19
Whole Grain Baking: Chocolate Pound Cake
8/24
Whole Grain Baking: Lemon–Raspberry Cake
8/26
Luchetti: Walnut–Hazelnut Bars
8/29
Chocolate Hazelnut Layer Cake (a combination of King Arthur and Alice Medrich recipes)
8/31
Whole Grain Baking: Chocolate Zucchini Cake
9/2
Whole Grain Baking: Banana Crunch Cake
Greenspan & Hermé: Moist and Nutty Brownies
9/8
Flour: Classic Carrot Cake
9/9
Bittersweet Chocolate Truffles Four Ways (after Alice Medrich)
9/14
Luchetti: Walnut Cake with Chocolate-Orange Sabayon and Vanilla Crème Anglaise (noted that this had more coffee flavor than I had previously realized and decided not to do it)
King Arthur Flour: Chocolate Chip Oatmeal Cookies
9/21
Whole Grain Baking: Peanut Butter Cream Pie (decided it was too high-cal, then went on vacation so it wasn’t replaced by anything else)
9/28
Costantino: Torta Gattopardo (decided this was too complicated and the nutrition computation too frustrating) Ciambella all’Arancia
10/2
Four & Twenty Blackbirds: Black Walnut Pie (covered in 2014)
10/3
Pumpkin Purée (no post)
Aside | Posted on 2015-10-04 by | Tagged

Recipe quick takes: Rosetta Costantino’s Ciambella all’Arancia

Posted on 2015-09-30 by

You’re probably wondering if I’ve given up on baking, given the long gap between posts. Fear not — it was just a vacation-induced hiatus. This past weekend I baked an Italian olive-oil cake called Ciambella all’Arancia, from Rosetta Costantino’s Southern Italian Desserts (with Jennie Schacht; Ten Speed Press, 2013; p. 126), which was quite well received at work in Monday. I don’t have a full photographic walk-through, but it’s a fairly simple cake to make, so long as you have a large enough mixing bowl. It’s made by the soufflé method, and is supposed to be baked in an Italian pan known, unsurprisingly, as a ciambella pan; Costantino says it can also be made in a ten-inch tube pan (which I used) or a twelve-cup Bundt brand pan.

Mise en place
There are four sources of orange flavor in this cake: freshly squeezed orange juice (two cups or 480 ml) from six Valencia oranges; three tablespoons of freshly grated orange zest (those same six oranges provide more than enough); 65 g of candied orange peel (optional); and two teaspoons orange extract (also optional). The cake itself is made from four large eggs (separated), 395 g of all-purpose flour, a tablespoon of baking powder, half a teaspoon of kosher salt, 275 g of sugar, and ¾ cup (180 ml) of a light-flavored extra-virgin olive oil. Half a cup (120 ml) of the orange juice and two tablespoons of the sugar are set aside to make a soaking syrup later.

Ciambella batter, without egg whites
As I mentioned, this cake (like most of the ones I’ve done from this cookbook) is made by the soufflé method. That means that the egg whites are whipped to make a firm, self-supporting foam, and then folded into a batter made from the other ingredients (including all of the fat). The procedure here is to beat the egg yolks, orange zest, and sugar, then use that to emulsify the olive oil, extract, and orange juice. The dry ingredients (previously sifted together) are folded into the wet ingredients, along with the candied orange peel, before folding in the egg whites. The mixture seen here is the batter just prior to folding in the whites; my Pyrex mixing bowl was clearly not large enough, so I had a bit of trouble folding in the egg whites without making a big mess. (Unfortunately the recipe doesn’t give any hint of this — I’ve now noted in my copy that a larger mixing bowl is required!)

Batter in tube pan
After folding in the egg whites, the batter is then poured into a prepared tube pan and baked in a 375°F (190°C) oven for 40 minutes.

Fully baked ciambella
This one of the few cake recipes where the “done” condition explicitly indicates that the top of the cake should be cracked. The ciambella cools in the pan until it’s cool enough to handle, and then after depanning is cooled completely, top-side-up, on a wire rack set over a sheet pan.

Ciambella after soaking with orange syrup
A soaking syrup is made by stirring the reserved sugar into the remaining orange juice until fully dissolved. Most of the syrup is poured over the top of the ciambella, until it is thoroughly moistened, and a pastry brush is used to apply what remains to the sides of the cake. (This is a necessarily messy process, hence the sheet pan underneath!)

Slice of ciambella
I finished the cake on Sunday night, but waited until Monday morning to cut into it so I could photograph a single slice. You can clearly see how dense, moist, and golden the crumb is, with a few pieces of the candied orange peel exposed — quite lovely.

Cake minus one slice
I put the ciambella on a cake stand for service, then wrapped it up in plastic wrap to carry it into work. It was very well received.

Nutrition

Nutrition Facts
Serving size: 1/12 of 10″ tube cake
Servings per recipe: 12
Amount per serving
Calories 389 Calories from fat 144
% Daily Value
Total Fat 16g 24%
 Saturated Fat 2g 12%
Trans Fat 0g
Cholesterol 62mg 21%
Sodium 187mg 8%
Potassium 83mg 2%
Total Carbohydrate 52g 17%
 Dietary fiber 1g 3%
 Sugars 27g
Proteins 7g 13%
Vitamin A 4%
Vitamin C 38%
Calcium 9%
Iron 11%
Posted in Food | Tagged , , , ,