IETF Logo Mail Archive

Re: [Acme] SNI extension for tls-alpn-01 challenge in draft-ietf-acme-ip-05

Corey Bonnell <cbonnell@outlook.com> Tue, 23 April 2019 01:21 UTC

Return-Path: <cbonnell@outlook.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC91A1200C7 for <acme@ietfa.amsl.com>; Mon, 22 Apr 2019 18:21:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=outlook.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fhSH30C6bcmm for <acme@ietfa.amsl.com>; Mon, 22 Apr 2019 18:21:26 -0700 (PDT)
Received: from NAM04-SN1-obe.outbound.protection.outlook.com (mail-oln040092011045.outbound.protection.outlook.com [40.92.11.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28932120075 for <acme@ietf.org>; Mon, 22 Apr 2019 18:21:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=SOEbGtMOk3ut2pnyxDtH95Cbs3KR9Jg8NIO45NwlZBM=; b=Lg/o/lVbjjSeceG+WWZHFoU5agQghI+UlyWylHDEKZYKVKpqXHV9AiucioiNHE+Ht5MpT3/hrkooI71usHEMdIQ+DTo3YxBpMYMNdeBRqAoik0gCyShCNsIEE8hZPYfOwLVQ1/pQI2Mp5bCU1WIIa21/BrpKx8eTPwW0Z2jrJrLjvnmvGnPk7zROLw/fTXo9LrSYPqqJdQOYyEukr0VdNsW1HBxZyuUkOP6wsc8WlCPFDOqGyhEPQJL8uypVn6GwMm4l+MwmQINpO0tNJyPf4+kkddECI+QZwqd2vmQBc9Cfjv4iJ/ad9jdgsa7DuYbuHP6NT/Ai4ZZv8x/ScPXD8g==
Received: from SN1NAM04FT054.eop-NAM04.prod.protection.outlook.com (10.152.88.59) by SN1NAM04HT211.eop-NAM04.prod.protection.outlook.com (10.152.88.186) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1771.16; Tue, 23 Apr 2019 01:21:24 +0000
Received: from MN2PR18MB2845.namprd18.prod.outlook.com (10.152.88.57) by SN1NAM04FT054.mail.protection.outlook.com (10.152.89.2) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.1771.16 via Frontend Transport; Tue, 23 Apr 2019 01:21:24 +0000
Received: from MN2PR18MB2845.namprd18.prod.outlook.com ([fe80::85a4:7183:e3da:d68a]) by MN2PR18MB2845.namprd18.prod.outlook.com ([fe80::85a4:7183:e3da:d68a%6]) with mapi id 15.20.1813.017; Tue, 23 Apr 2019 01:21:24 +0000
From: Corey Bonnell <cbonnell@outlook.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>, Corey Bonnell <cbonnell@outlook.com>
CC: "acme@ietf.org" <acme@ietf.org>
Thread-Topic: [Acme] SNI extension for tls-alpn-01 challenge in draft-ietf-acme-ip-05
Thread-Index: AQHU9L+epzmXNs4yDUG9lMQgYbElSKY/zMQAgAkmr98=
Date: Tue, 23 Apr 2019 01:21:24 +0000
Message-ID: <MN2PR18MB2845DBA634A0BC648222C627C3230@MN2PR18MB2845.namprd18.prod.outlook.com>
References: <MN2PR18MB28457CCBEF6FFE2B70E286FCC3250@MN2PR18MB2845.namprd18.prod.outlook.com>, <CAErg=HGYuRc+tOBwRedx5a9tnH9iVm3bfWYhfXeiHCgcvp8gMA@mail.gmail.com>
In-Reply-To: <CAErg=HGYuRc+tOBwRedx5a9tnH9iVm3bfWYhfXeiHCgcvp8gMA@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-incomingtopheadermarker: OriginalChecksum:09AC6C2DE9186005E2E0872C5BA644A6FAE8DD8945FD4207BE3CC699055695D8; UpperCasedChecksum:1FADDF69223A5347386A19A7F3CC45BE05A39900F2574BDEB77E72E6F5F9FBC4; SizeAsReceived:6974; Count:44
x-ms-exchange-messagesentrepresentingtype: 1
x-tmn: [DcNJVfb3XIMC2NoSaUHqbcnQptqEwLMD]
x-ms-publictraffictype: Email
x-incomingheadercount: 44
x-eopattributedmessage: 0
x-ms-exchange-slblob-mailprops: mBy7Mai7yE7VchY0qHKTFdHfLG3l9FPBq/KM8DBFLTRDQCqVBIw8iskYiG34rvkwsUCBogwMj335uVnQ0KKjXC8v657QYbmtUt90r8hc3c4DsyY6gZ/sIYtNXJ16ji8E90R3aUj3y15cFrv/nlzPfLCFHadCp10kYPAp0JnktCfwaQep0zdPc85/jz2/vVLpGTtvwtssW7Dnq5usVnTji6X0I8EcBZYQ/NZ1C+G6V3WCrPOcfbSW4pYxr6588XGva9dVq2Lww5zv4iAGsCDU2giN0Iu8x9SdqiPAonnb+kVm2H0TJumdANEOu99w3ITXswz+RwajQQchF2K/XJnnZ0/aZvXIEBWZ94Wn/Tz62ZnONj6tveTdR75PHCMOF+GbzKkO83vp3pymHANKyA1ilRmJxiMSmhimQZAVlcZHdpf7dAobj7fi5qFoAsTxRynB0/nW1d9erz5WJ+m1LhOffzDZUA7ZtIMX+meqPoMmQHKgBKsJOajaHDZx0hoLm6sNYvnFikXPckZGQ0E/DIVBF9Sxs+qFA1CNSlu5Hp7sgmZI5YSfbNcKZKWTlvxObvzHPj2lprIgtNS+VSDqhBREsgaL0c35MLA3hAr3iuHJ8++20gPf7fi6jUMpGDwZ34NykukR/VHbtWeo41JoA69ivt3hQr8a24S4hr4HyHGQmvIVI3eHFlRkM2Jz5QIydA3FSqUgdXiXAeJb3G70fzy/aJZfkXJqp3vo
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(5050001)(7020095)(20181119110)(201702061078)(5061506573)(5061507331)(1603103135)(2017031320274)(201702181274)(2017031323274)(2017031324274)(2017031322404)(1603101475)(1601125500)(1701031045); SRVR:SN1NAM04HT211;
x-ms-traffictypediagnostic: SN1NAM04HT211:
x-microsoft-antispam-message-info: iylm6nTWEiFWB0lCG1gLY3CwqB4vUB0iG7VZjdUMmwnW6lIePooVCcFr3hrZ4zE5uDnZPIBUdAdIp3cRDgruU2CArPf/RpMQi3vpluVwNQfE7aENVXxHy6Uu85JucK/h3bngvi8MCUkwa3vWwRa63k8qrslgv4fItp3fNP03McXxZR9vy+cz2kQyAZv3rKbP
Content-Type: multipart/alternative; boundary="_000_MN2PR18MB2845DBA634A0BC648222C627C3230MN2PR18MB2845namp_"
MIME-Version: 1.0
X-OriginatorOrg: outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: de6ea7b2-bab6-4b9b-d6c0-08d6c78a0093
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Apr 2019 01:21:24.7376 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Internet
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1NAM04HT211
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/41VKJfUC9OTCfUsFKKEiixCb0Mo>
Subject: Re: [Acme] SNI extension for tls-alpn-01 challenge in draft-ietf-acme-ip-05
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Apr 2019 01:21:29 -0000

Hi Ryan,
I suppose I should have framed my email a bit more generally as opposed to focusing specifically on the security aspects. More broadly, I'm having a hard time coming up with a reason why the SNI extension must be included at all for IP address challenges. In the normal TLS connection flow, a connection by direct IP address (not hostname) would not include the SNI extension at all, so mandating the use of the .arpa domain in the SNI is inconsistent with normal TLS processing. This inconsistency is compounded when you consider that the self-signed cert for the challenge encodes the IP address as an iPAddress SAN (and not the .arpa dNSName). I could also see someone being confused upon reading the spec and thinking that a DNS A/AAAA record lookup against the in-addr/ipv6.arpa domain must be performed and that the challenge TLS connection is to be done against the resolved IP address.

I believe it would be more consistent with normal TLS processing and less confusing to prohibit the use of SNI altogether for IP address validations. However, I'd greatly appreciate any explanations as to why it is preferable to include the SNI extension.

Thanks,
Corey

________________________________
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Sent: Wednesday, April 17, 2019 1:05 AM
To: Corey Bonnell
Cc: acme@ietf.org
Subject: Re: [Acme] SNI extension for tls-alpn-01 challenge in draft-ietf-acme-ip-05



On Tue, Apr 16, 2019 at 9:55 PM Corey Bonnell <cbonnell@outlook.com<mailto:cbonnell@outlook.com>> wrote:

Hello,

Draft-ietf-acme-ip-05 specifies that for the tls-alpn-01 challenge, an SNI value with the in-addr/ipv6.arpa domain name corresponding to the iPAddress being validated MUST be specified. I have a concern that this requirement suffers the same problem that rendered tls-sni-01 insecure: namely, an arbitrary user on a shared hosting provider could upload an arbitrary certificate for the required .ip-addr/ipv6.arpa domain, thus circumventing any security provided by the mandatory SNI extension.

The mandatory ALPN extension prevents this from being exploited to obtain fraudulent certificates, but given how trivially the SNI requirement can be defeated in the same manner as for tls-sni-01, I don’t believe that requiring SNI provides any security value and is not necessary. If the intent for requiring the SNI extension is to convey to the TLS server that an IP address is being validated, couldn’t that similarly be accomplished by *not* specifying any SNI extension at all? Tls-apln-01 (for dNSNames) requires that a SNI value be specified, so TLS servers could differentiate between challenge requests for dNSNames and iPAddress based on the presence (or absence) of the SNI extension.

I’m not sure I follow the attack scenario you’re describing. The value proposition of the ALPN method is that it’s indicative that the server does not “suffer the same problem that rendered sni-01 insecure”, precisely because it does not allow an arbitrary user to upload an arbitrary certificate while also responding with that ALPN identifier.

Perhaps I misunderstood your question, but with the above invariant being the reason for the introduction of the ALPN method, if we assume it holds, do you still have concerns?

v2.23.0 | Report a Bug | By Email