Re: [Acme] ACME vulnerabilities in SimpleHTTP due to common webservers' default virtual host semantics

Niklas Keller <me@kelunik.com> Thu, 19 November 2015 08:41 UTC

From: Niklas Keller <me@kelunik.com>
To: IETF ACME <acme@ietf.org>
Date: Thu, 19 Nov 2015 09:41:50 +0100
Subject: Re: [Acme] ACME vulnerabilities in SimpleHTTP due to common webservers' default virtual host semantics
In-Reply-To: <CANUQDCjc2pyD19pC+8F4dhommuaOtf=JpJWOYAh6He3RNK8+Xg@mail.gmail.com>
References: <CANUQDCjc2pyD19pC+8F4dhommuaOtf=JpJWOYAh6He3RNK8+Xg@mail.gmail.com>
Message-ID: <CANUQDCghtJx6Dookrd22H7jyRswAdjOzQn3nO0Frpb5CPGmnkQ@mail.gmail.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/2xojE6GRgOe0Rilp0p8f518ORKE>
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>

*push*

2015-11-13 16:35 GMT+01:00 Niklas Keller <me@kelunik.com>:

> This is a follow-up on "ACME vulnerabilities in SimpleHTTP and DVSNI due to
> common webservers' default virtual host semantics". Since I don't have that
> mail in my archive (I was not subscribed to the list back then), I can't
> respond directly to that thread. (Stupid mailing lists.)
>
> Could someone explain the exact vulnerability? Since those challenge
> payloads are bound to a specific domain, I don't see the problem.
> Additionally, I don't see why it's a problem with HTTPS; why is it
> mitigated by switching to HTTP? HTTP via port 80 has just the same
> semantics for default hosts as HTTPS via port 443 has.
>
> Regards, Niklas
>