Re: [Acme] High level comments on draft-barnes-acme (the GitHub version)

Martin Thomson <martin.thomson@gmail.com> Thu, 26 March 2015 15:40 UTC

Return-Path: <martin.thomson@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C8691A00ED for <acme@ietfa.amsl.com>; Thu, 26 Mar 2015 08:40:55 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SIvrHuJQImer for <acme@ietfa.amsl.com>; Thu, 26 Mar 2015 08:40:54 -0700 (PDT)
Received: from mail-oi0-x22c.google.com (mail-oi0-x22c.google.com [IPv6:2607:f8b0:4003:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 27F331AD28D for <acme@ietf.org>; Thu, 26 Mar 2015 08:40:54 -0700 (PDT)
Received: by oicf142 with SMTP id f142so43235947oic.3 for <acme@ietf.org>; Thu, 26 Mar 2015 08:40:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=YGxIZDLkOyCPohiN6FCpFvZmZXTbTiHhIK4TVVV4W4c=; b=AurFfsKOuepQUOatg4MM66yo8rPsdEmBviA4oNyccHkXN/NWGgaRiwqF7pKYZVYzZ8 TQIGUaa9JehbARqlZfnYxdRBt7vmIMnGcteCpNETr/D/g2FQn+fPAay0RPRP2FOVaSkf P3/QZXzrNtfO1leZYIeZwstcySwvtcQ6HrEprrJ8pZIf9bKTleHjXnAARIpwv1Tg5nxx VlfLmmf+sq7XBBEGn9gu50v9GjOgBS8cq8g/5jPwkqfMmmAjuiZFI1N2IgKWDgKwPfSW vWfXEFcbTxTiVhXIEHId0QIsMjJ9SwEtj0fm9LJum/4lW5hXfEbRLcZDQ8scK7KisAL4 +OAw==
MIME-Version: 1.0
X-Received: by 10.202.229.201 with SMTP id c192mr4120184oih.44.1427384453684; Thu, 26 Mar 2015 08:40:53 -0700 (PDT)
Received: by 10.202.48.151 with HTTP; Thu, 26 Mar 2015 08:40:53 -0700 (PDT)
In-Reply-To: <551334F9.9040107@eff.org>
References: <92B826AA-48E3-454C-85A9-600F84D539DD@ericsson.com> <9F77199A-98B7-4963-8EA3-552405B5342F@titanous.com> <B4953448-093A-4DB7-B81D-B09FE31E7B3F@ericsson.com> <CABtrr-V4++ayD4UV32maWiOSLyg=r3Gj-HNnDaizQ_WoF_4PjQ@mail.gmail.com> <551334F9.9040107@eff.org>
Date: Thu, 26 Mar 2015 10:40:53 -0500
Message-ID: <CABkgnnUjiNymD0PmmWALBwXq2CaCuSFsnDwRqGA7JVmpgUtqjw@mail.gmail.com>
From: Martin Thomson <martin.thomson@gmail.com>
To: Jacob Hoffman-Andrews <jsha@eff.org>
Content-Type: text/plain; charset=UTF-8
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/3I5-D0DdeNpTqM4d_uY6PBOIQog>
Cc: Jonathan Rudenberg <jonathan@titanous.com>, "acme@ietf.org" <acme@ietf.org>, Joseph Lorenzo Hall <joe@cdt.org>, John Mattsson <john.mattsson@ericsson.com>
Subject: Re: [Acme] High level comments on draft-barnes-acme (the GitHub version)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2015 15:40:55 -0000

On 25 March 2015 at 17:21, Jacob Hoffman-Andrews <jsha@eff.org> wrote:
>> This seems like a big deal, no? That is, since SNI is one of the few
> things not protected in the TLS handshake, it does seem spoofable. If
> there's not something I'm missing, it seems like the proposal should
> just drop DVSNI altogether.
>
> An attacker who fully controls the network is explicitly not part of the
> threat model for any Domain Validation. None of the available techniques
> for DV, whether they involve fetching a file, sending an email, or doing
> a TLS handshake can fully mitigate a network attacker.

It has been suggested that some measure of network control can be
mitigated by originating the validation requests from multiple network
locations.  That would be down to CA policy though.