Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)

[Benjamin Kaduk <kaduk@mit.edu>]

On Wed, Aug 29, 2018 at 09:10:06PM -0400, Richard Barnes wrote:
> Hi Ben,
> 
> Thanks for the detailed review.  Responses to the DISCUSS comments inline.
> My co-author Daniel McCarney is working on the COMMENT comments.
> 
> --Richard
> 
> On Wed, Aug 29, 2018 at 2:53 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> >
> > It looks like the server returns an unauthenticated "badSignatureAlgorithm"
> > error when the client sends a JWS using an unsupported signature algorithm
> > (Section 6.2).  What prevents an active attacker from performing a
> > downgrade attack on the signature algorithm used?
> >
> 
> HTTPS, and the minimum requirements established in this document.  We can
> add some comments to the Security Considerations if you want.

It's probably worth some security considerations text.
(BTW, I was more picky than usual for this doc, since apparently TLS MitM
capabilities are explicitly in the threat model via the
"CDN-in-front-of-ACME-server" case.  So in some sense that is implying that
the web PKI is not quite good enough for that channel.)

> 
> 
> > Similarly, since we include in the threat model a potentially hostile
> > CDN/MitM between the ACME client and ACME server, can that attacker strip a
> > success response and replace it with a badNonce error, causing the client
> > to retry (and thus duplicate the request processing on the server)?
> >
> 
> In the spectrum of DoS attacks the CDN could wage against the server, this
> seems pretty lame.  The CDN could also just stop forwarding requests.
> 
> In other words, I don't really think the

(incomplete sentence)
But yes, I was thinking about this some more after I balloted and it did
end up seeming likely innocuous by comparison.  It's still good to have
people more familiar with the document than me think about the
possibilities, though -- it seems like most things the client would be
trying to do are relatively idempotent (that is, new challenge tokens and
such could be generated, but that's easy to recover from unless the CDN is
blocking lots of stuff, in which case nothing works anyway), but maybe I
missed something.

> 
> > I am not an ART AD, but there is not yet an internationalization
> > directorate, and seeing statements like "inputs for digest computations
> > MUST be encoded using the UTF-8 character set" (Section 5) without
> > additional discussion of normalization and/or what the canonical form for
> > the digest input is makes me nervous.  Has sufficient internationalization
> > review been performed to ensure that there are no latent issues in this
> > space?
> >
> 
> Two of the three ART ADs have already signed off, so we have that going for
> us :)
> 
> The only place we have human-readable text is in the problem documents, so
> at that level, the i18n considerations are handled by that spec.  Other
> than that, everything is ASCII, so saying "UTF-8" is just a fancy way of
> saying, "don't send extra zero bytes".

[this thread forked]

> 
> 
> > Section 6.1 has text discussing TLS 1.3's 0-RTT mode.  If this text is
> > intended to be a profile that defines/allows the use of TLS 1.3 0-RTT data
> > for the ACME protocol, I think you need to be more specific and say
> > something like "MAY allow clients to send early data (0-RTT); there are no
> > ACME-specific restrictions on which types of requests are permitted in
> > 0-RTT", since the runtime configuration is just 0-RTT yes/no, and the
> > protocol spec is in charge of saying which PDUs are allowed or not.
> >
> 
> The risk for HTTPS with 0-RTT is replay of requests.  The text already
> notes that that is not an issue for ACME requests because they have their
> own anti-replay protection.  There are no restrictions on which PDUs are
> allowed.   What further specificity do you need?

I would like it to be explicitly stated that there are no restrictions on
which PDUs are allowed.

If it helps, I'm trying to make a distinction between "you can negotiate
0-RTT in the TLS handshake" and "this is what you can put in early data";
in my mind, an application profile should explicitly cover the latter.

> 
> 
> > Section 6.2 notes that servers MUST NOT respond to GET requests for
> > sensitvie resources.  Why are account resources the only sensitive ones?
> > Are authorizations not sensitive?  Or are those considered to fall under
> > the umbrella of "account resources" (Section 7.1 seems pretty clear that
> > they do not)?
> >
> 
> That sentence has an overly prescriptive tone.  Obviously it's up to the
> CA's policy what it considers sensitive.  (Some especially profligate CA
> that's not subject to GDPR might be OK publishing its account objects.)
> Happy to dial it back to something like "For example, most CAs will likely
> consider account resources to be sensitive."

I think this is basically going to be subsumed/rendered OBE by Adam's
DISCUSS; please let me know if you think there is more to talk about here.

> 
> 
> > Section 7.1.1 discusses how the server can include a caaIdentities element
> > in its directory metadata; does this (or anything else) need to be
> > integrity protected by anything stronger than the Web PKI cert
> > authenticating the HTTPS connection?  It seems that a bogus caaIdentities
> > value could lead to an unfortunate DoS in some cases.
> >
> 
> I don't know what you would consider stronger than a WebPKI cert.  You
> could use a secondary key that isn't provided to the CDN and do JWS in the
> server-to-client direction.  But that would require clients to configure a
> public key as well as a URL, and you would have to figure out whether you
> wanted caching or anti-replay and build the corresponding addenda to JWS.
> All in all, a lot of complexity for marginal benefit, especially this late
> in the game.

Yeah, it's clearly a lot of complexity for marginal benefit (since the DoS
would likely be easy to notice and recover from) and late in the game.
Though the CA does already have a key that the client trusts...
Do you want to mention that the caaIdentities element gives a leaf cert
some control over the trust anchors that are used, in the security
considerations?  (This is a serious question; I am leaning towards it being
worth doing, but it would not be very hard to convince me otherwise.)

> 
> 
> > I am also a bit uncertain if the document is internally consistent about
> > whether one challenge verification suffices or there can be cases when
> > multiple challenge verifications are required for a successful
> > authorization.  I attmpted to note relevant snippets of the text in my
> > comments on Section 7.1.4.
> >
> 
> The document is clear that (1) any one challenge is sufficient for a given
> authorization ("the server should consider any one of the challenges
> sufficient to make the authorization valid") and (2) the server may provide
> multiple authorizations in the order object if it requires multiple
> different validations.

I think I'm still confused.  How could we end up with a case where a single
authorization object in the "valid" state includes more than one challenge?
(Looking at my notes, maybe this is just an editorial matter where a stray
's' slipped into one instance of "challenges", so we want "challenge that
was used" vs. "challenges that were used"?)

Thanks for the discussion!

-Benjamin