Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-email-smime-10: (with DISCUSS and COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Thu, 12 November 2020 23:56 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8835B3A1072; Thu, 12 Nov 2020 15:56:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gjiXLQB0PX7K; Thu, 12 Nov 2020 15:56:33 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 941EA3A1064; Thu, 12 Nov 2020 15:56:33 -0800 (PST)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 0ACNuO21005132 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 12 Nov 2020 18:56:28 -0500
Date: Thu, 12 Nov 2020 15:56:23 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: The IESG <iesg@ietf.org>, rsalz@akamai.com, acme@ietf.org, acme-chairs@ietf.org
Message-ID: <20201112235623.GP39170@kduck.mit.edu>
References: <160456339844.32027.10383263330343255957@ietfa.amsl.com> <c72efad4-76b8-e323-56f8-3735d76a1d9c@isode.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <c72efad4-76b8-e323-56f8-3735d76a1d9c@isode.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/7_pZE6EuBYR960ADDrM7UOGfgDQ>
Subject: Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-email-smime-10: (with DISCUSS and COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Nov 2020 23:56:36 -0000
Hi Alexey, On Thu, Nov 12, 2020 at 04:28:39PM +0000, Alexey Melnikov wrote: > Hi Ben, > > On 05/11/2020 08:03, Benjamin Kaduk via Datatracker wrote: > > The more straightforward point is that the procedure in section 3 > > indicates that token-part2 is returned to the ACME client over HTTPS, > > but the stated procedure does not otherwise involve an ACME client in > > initiating the newOrder request. I think we need to clarify the > > interaction/relationship between end-user/email client UI/etc and the > > ACME client in step 1. In particular, I think that "[t]his document > > doesn't prescribe how exactly S/MIME certificate issuance is initiated" > > seems incompatible with requiring there to be an ACME client involved > > (and the presumed newOrder ACME request, etc.) unless the "initiate" > > operation is supposed to be the way by which the ACME client is > > triggered to start the request. > > I propose the following new description to address your above DISCUSS > points. This probably needs another editorial pass for readability, but > I think the new description is much better for implementors: Yes, I like it. Editorial notes inline... > The process of issing an S/MIME certificate works as follows. Note > that the ACME client can be a standalone application (if the MUA is > not ACME-email-aware) or can be a component of the MUA. > > 1. An end-user initiates issuance of an S/MIME certificate for one > of her email addresses. This might be done using email client > UI, by running a command line tool, by visiting a Certificate > Authority web page, etc. This document doesn't prescribe > specific UI used to initiate S/MIME certificate issuance. Maybe also add "or where the ACME client is located" or similar at the end of the sentence? > 2. The ACME-email-aware client component begins the certificate > issuance process by sending a POST request to the server's > newOrder resource, including the identifier of type "email". See > Section 7.4 of [RFC8555] for more details. > > 3. The ACME server responds to the POST request, including nit: "an" > "authorizations" URL for the requested email address. The ACME > client then retrieves information about the corresponding "email- > reply-00" challenge as specified in Section 7.5 of [RFC8555]. > The "token" field of the corresponding "challenges" array element > (which contains "type": "email-reply-00" as another field) > contains token-part2. token-part2 should contain at least 128 > bits of entropy. Per my other message, we should talk about the "url" contents as well. > 4. After responding to the authorization request the ACME server > generates another token and a "challenge" email message with the > subject "ACME: <token-part1>", where <token-part1> is the > base64url encoded [RFC4648] of the token. The ACME server MUST nit: missing word ("form" or "version" or something, for "encoded version of the token") > generate a fresh token for each S/MIME issuance request > (authorization request), and token-part1 MUST contain at least > 128 bits of entropy. The challenge email message structure is > described in more details in Section 3.1. We might also note that the "From:" line matches the "url" field of the challenge object. > 5. The MUA retrieves and parses the challenge email message. The > ACME client concatenates "token-part1" (received over email) and > "token-part2" (received over HTTPS [RFC2818]) to create ACME (We might in theory length-prefix the token parts before concatenating for hygiene purposes, but the way they are generated doesn't really seem to open any attacks.) nit: "the ACME" > "token", calculates keyAuthorization (as per Section 8.1 of > [RFC8555]), then returns the base64url encoded SHA-256 digest > [FIPS180-4] of the key authorization. The MUA returns the > base64url encoded SHA-256 digest obtained from the ACME client in > the body of a response email message. The response email message > structure is described in more details in Section 3.2. > > 6. Once the MUA sends the response email, the ACME client can start > polling the authorization URL (using POST-as-GET request) to see nit: "requests" plural Many thanks, Ben > if the ACME server received and validated the response email > message. (See Section 7.5.1 of [RFC8555] for more details.) If > the "status" field of the challenge switches to "valid", then the > ACME client can proceed with request finalization. The > Certificate Signing Request (CSR) MUST indicate the exact same > set of requested identifiers as the initial newOrder request. > For an identifier of type "email", the PKCS#10 [RFC2986] CSR MUST > contain the requested email address in an extensionRequest > attribute [RFC2985] requesting a subjectAltName extension. If a > request to finalize an order is successful, the ACME server will > return a 200 (OK) with an updated order object. If the > certificate is issued successfully, i.e. if the order "status" is > "valid", then the ACME client can download the issued S/MIME > certificate from the URL specified in the "certificate" field. > > Best Regards, > > Alexey >
- [Acme] Benjamin Kaduk's Discuss on draft-ietf-acm… Benjamin Kaduk via Datatracker
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Alexey Melnikov
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Alexey Melnikov
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Alexey Melnikov
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Fraser Tweedale
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Alexey Melnikov