IETF Logo Mail Archive

Re: [Acme] Alternative proposal for fixing TLS-SNI / revisiting HTTPS-01 authorization

"Matthew D. Hardeman" <mhardeman@ipifony.com> Fri, 12 January 2018 17:56 UTC

Return-Path: <mhardeman@ipifony.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 40DAF129C6B for <acme@ietfa.amsl.com>; Fri, 12 Jan 2018 09:56:45 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id PprYlJsXXdPF for <acme@ietfa.amsl.com>; Fri, 12 Jan 2018 09:56:34 -0800 (PST)
Received: from mail.ipifony.com (mail.ipifony.com [199.71.210.39]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEC5F12D856 for <acme@ietf.org>; Fri, 12 Jan 2018 09:56:33 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.ipifony.com (Postfix) with ESMTP id 679BDB40911; Fri, 12 Jan 2018 11:56:33 -0600 (CST)
X-Virus-Scanned: amavisd-new at ipifony.com
Received: from mail.ipifony.com ([127.0.0.1]) by localhost (mail.ipifony.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1LjKnk0hYns0; Fri, 12 Jan 2018 11:56:32 -0600 (CST)
Received: from [10.47.52.51] (68-117-162-146.dhcp.unas.al.charter.com [68.117.162.146]) by mail.ipifony.com (Postfix) with ESMTPSA id 6C11CB408C7; Fri, 12 Jan 2018 11:56:32 -0600 (CST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: "Matthew D. Hardeman" <mhardeman@ipifony.com>
In-Reply-To: <20180112173944.GA32182@LK-Perkele-VII>
Date: Fri, 12 Jan 2018 11:56:31 -0600
Cc: "Gerd v. Egidy" <gerd.von.egidy@intra2net.com>, acme@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <CD730855-DE46-49F6-9EBE-5D25DAC86927@ipifony.com>
References: <1812883.r3FRolLa0t@thunder.m.i2n> <4181164.OuRzJEQIXO@thunder.m.i2n> <20180112170847.GB31935@LK-Perkele-VII> <2514105.li6vvifsPI@thunder.m.i2n> <20180112173944.GA32182@LK-Perkele-VII>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/39XTainEjjoKTHl9SHTX1NOLHvs>
Subject: Re: [Acme] Alternative proposal for fixing TLS-SNI / revisiting HTTPS-01 authorization
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jan 2018 17:56:45 -0000

Yes.  That can happen.

I forget the name of it, but there was a historic web hosting framework that, in order to improve IP address costs AND maximize compatibility for those upgrading to TLS (non-SNI etc), encouraged the ultimate configuration:

For a given IP address, a large number N of non-TLS port 80 customers, with web hosting contexts discriminated by HTTP/1.1 Host: header are bound to this IP address.

For same said given IP address, one and only one TLS customer is assigned.  This customer’s web context is bound to that IP address and port 80 for the customer’s named Host: values only.  But on the port 443, the IP address is bound to this customer in all cases, regardless of TLS SNI value or lack thereof, all connections to that IP and host will go to the one TLS customer’s web hosting context.

The end result is that https://non-tls-customer.on-same-ip.com will go to the TLS website of the one paying TLS customer on that host IP.

(Normally, of course, there would be a name mismatch and the certificate would not validate.)  In many of these infrastructures, the site admin of the TLS customer would be able to change out that SSL certificate at will.

> On Jan 12, 2018, at 11:39 AM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote:
> 
> On Fri, Jan 12, 2018 at 06:21:00PM +0100, Gerd v. Egidy wrote:
>>>> I think you also need:
>>>> 
>>>> - A user is able to trick the server into serving his document root as
>>>> default vhost
>>>> 
>>>> - The webserver serves the default tls vhost, even if the CA requested a
>>>> specific vhost via SNI
>>> 
>>> Well, I think both are impiled by default vhost.
>> 
>> The first yes.
>> 
>> But the second I'm not so sure.
>> 
>> AFAIK, with Apache httpd you'll get the tls default vhost just for requests 
>> without SNI.
>> 
>> Of course not everyone is using Apache, but I think it makes it an additional 
>> condition for the attack to work.
> 
> Actually, reading the detectify post, it seems that at least one hoster
> has the following problem:
> 
> If the legit holder of domain has HTTP but not HTTPS enabled, one can
> take over the HTTPS version, including serving one's own content on it.
> And thanks to HSTS, this can then used to take over the HTTP version
> too.
> 
> 
> -Ilari
> 
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme

v2.23.0 | Report a Bug | By Email