Re: [Acme] ACME breaking change: Most GETs become POSTs

Nico Williams <nico@cryptonector.com> Fri, 31 August 2018 19:34 UTC


On Thu, Aug 30, 2018 at 04:20:41PM -0700, Jacob Hoffman-Andrews wrote:
> ACME currently has unauthenticated GETs for some resources. This was
> originally discussed in January 2015[1]. We decided to put all sensitive
> data in the account resource and consider all GET resources public, with a
> slant towards transparency.
> 
> Adam Roach recently pointed out in his Area Director review that even when
> the contents of GET URLs aren’t sensitive, their correlation may be. For
> instance, some CAs might consider the grouping of certificates by account to
> be sensitive.

This is true, but GET isn't the issue.  If you have iterable URI
constructions then POST will let you iterate them just as well as GET.

> Richard Barnes proposes[2] to change all GETs to POSTs (except directory and
> new-nonce). This will be a breaking change. Clients that were compatible
> with previous drafts, informally called ACMEv1 and ACMEv2, will not be
> compatible with a draft that mandates POSTs everywhere. It will be a painful
> change, since the ecosystem just started switching to ACMEv2, which looked
> to be near-final.

How does using POST address this?

Neither does GET imply unauthenticated, nor does POST imply
authenticated.

GET vs POST can make a difference in the context of HTML (where you can
get a user-agent to GET a resource without the user taking action), but
I don't think that's relevant here.

> I think this is the right path forwards. ACME will be a simpler, better
> protocol long-term if all requests are authenticated. However, if we’re
> taking this path we should aim to come to consensus and land the final spec
> quickly to reduce uncertainty for ACME client implementers.

This is wrong.  GET vs POST makes no difference as to iteration of
resources.

Please use HTTP correctly.

If a resource is read-only or GETs of it would be idempotent anyways,
then use GET.

Do include normative text about the shape of the URIs to prevent
iteration via monotonic increment of numeric components or query
parameters.

Do specify what requires authentication and what does not.

Do not misuse HTTP verbs.

Nico
--
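An added illustration of the point Nico makes above (my own code, not part of this thread or of any ACME implementation): the lookup below treats GET and POST-as-GET identically, so resources with counter-based URIs are enumerable under either verb, while a random URI component and a per-account authorization rule are what actually limit what a requester can reach. The base URL and account names are constructed sample values.

```python
import secrets
from typing import Dict, NamedTuple, Optional

# Constructed sample: a CA's certificate resources, each owned by an account.
BASE = "https://ca.example/acme/cert/"  # assumed base URL, not a real CA


class Cert(NamedTuple):
    owner: str  # account that ordered the certificate
    pem: str    # certificate body (placeholder text)


def sequential_store(n: int) -> Dict[str, Cert]:
    """URIs minted from a counter: the iterable shape the thread warns about."""
    return {f"{BASE}{1000 + i}": Cert(f"acct-{i % 3}", f"cert-{i}")
            for i in range(n)}


def random_store(n: int) -> Dict[str, Cert]:
    """URIs minted from 128-bit random tokens: not reachable by increment."""
    return {f"{BASE}{secrets.token_urlsafe(16)}": Cert(f"acct-{i % 3}", f"cert-{i}")
            for i in range(n)}


def fetch(store: Dict[str, Cert], method: str, uri: str,
          account: Optional[str] = None, require_auth: bool = False) -> Optional[Cert]:
    """Resolve a resource. GET and POST-as-GET share one lookup, so the verb
    changes nothing; only the authorization rule and the URI shape limit reach."""
    if method not in ("GET", "POST"):
        return None
    cert = store.get(uri)
    if cert is None:
        return None
    if require_auth and cert.owner != account:
        return None  # authenticated but not the owner: answer as not found
    return cert


def reachable_fraction(store: Dict[str, Cert], method: str,
                       account: Optional[str] = None, require_auth: bool = False,
                       budget: int = 200) -> float:
    """Share of all resources reached by incrementing the numeric path component
    from a guessed start with a fixed request budget: the check a CA would run
    against its own URI scheme before relying on the verb for privacy."""
    found = sum(1 for i in range(1000, 1000 + budget)
                if fetch(store, method, f"{BASE}{i}", account, require_auth))
    return found / len(store)
```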