IETF Logo Mail Archive

Re: [Acme] Fixing the TLS-SNI challenge type

"Matthew D. Hardeman" <mhardeman@ipifony.com> Fri, 12 January 2018 16:07 UTC

Return-Path: <mhardeman@ipifony.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34AAB12E897 for <acme@ietfa.amsl.com>; Fri, 12 Jan 2018 08:07:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kaA31GZiO4BM for <acme@ietfa.amsl.com>; Fri, 12 Jan 2018 08:06:58 -0800 (PST)
Received: from mail.ipifony.com (mail.ipifony.com [199.71.210.39]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28CAE1270AC for <acme@ietf.org>; Fri, 12 Jan 2018 08:06:58 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.ipifony.com (Postfix) with ESMTP id A4688B40911; Fri, 12 Jan 2018 10:06:57 -0600 (CST)
X-Virus-Scanned: amavisd-new at ipifony.com
Received: from mail.ipifony.com ([127.0.0.1]) by localhost (mail.ipifony.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XOA0LITBZOaQ; Fri, 12 Jan 2018 10:06:57 -0600 (CST)
Received: from [10.47.52.51] (68-117-162-146.dhcp.unas.al.charter.com [68.117.162.146]) by mail.ipifony.com (Postfix) with ESMTPSA id 07C4EB408C7; Fri, 12 Jan 2018 10:06:57 -0600 (CST)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: "Matthew D. Hardeman" <mhardeman@ipifony.com>
In-Reply-To: <368464C2-B843-4F52-9FA8-8052A43589F3@titanous.com>
Date: Fri, 12 Jan 2018 10:06:56 -0600
Cc: acme@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <30587809-6DFC-436B-97BE-FD25A653131F@ipifony.com>
References: <F3477AAE-9C23-4FBE-B88D-E3ABC3CFB60D@ipifony.com> <368464C2-B843-4F52-9FA8-8052A43589F3@titanous.com>
To: Jonathan Rudenberg <jonathan@titanous.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/8izhCE3gbJfHK7ojnGv_JXjL0Fg>
Subject: Re: [Acme] Fixing the TLS-SNI challenge type
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jan 2018 16:07:00 -0000

Upon reflection, I concur that the risk I was concerned about would be properly hedged against by the mere combination of using the domain label being validated in the SNI name coupled with the “acme” ALPN signal.

> On Jan 12, 2018, at 8:26 AM, Jonathan Rudenberg <jonathan@titanous.com> wrote:
> 
> 
>> On Jan 11, 2018, at 22:46, Matthew D. Hardeman <mhardeman@ipifony.com> wrote:
>> 
>> Hi, guys,
>> 
>> I’m entirely new to this list and not sure whether or not I’m welcome, but I have some comments on the ALPN idea.
>> 
>> In order to actually be an improvement in security, the ALPN needs to be more than a mere marker of support.
> 
> I don’t believe this is true. I’ve already established that there are no common TLS servers that blindly repeat back ALPN protocols, and this is expected because RFC 7301 does not allow it: https://tools.ietf.org/html/rfc7301#section-3.2
> 
>> Consider:  The new mechanism is implemented and Let’s Encrypt deploys.
>> 
>> Customer’s of not-secure-shared-webhost-A complain that they can’t get validations via this easy mechanism.  (The complaint would actually likely originate internally by their own development staff.)
>> 
>> Rather than do the work to ALSO fix the insecure aspects of the infrastructure, they’ll hastily patch in the “acme" name.
> 
> This would be a vulnerability in the hosting provider, not in ACME or any ACME CA, in the same way that we wouldn’t blame the CA if a DNS provider allowed anyone to write _acme-challenge TXT records.
> 
> The reason why TLS-SNI-01/02 are in the process of being removed is a bit different, the widespread vulnerability in the shared hosting providers existed _before_ ACME, and so it makes sense to work around it to avoid unnecessarily putting users at risk. This is not the case for the proposed new method.
> 
>> To add security, perhaps the SNI that is sent should be the actual domain label that is being validated, along with the “acme” ALPN name.
> 
> This is where we are headed, I’ll be posting a new TLS-ALPN proposal today based on the feedback from Roland.
> 
>> At this point, an actual ALPN extension should negotiate the authentication, with the server having the opportunity to bind the proper target name to a desired authentication and then if and only if the server has available the account key credentials of the requestor, would it be able to answer with a proper authentication.
> 
> It’s important that the account key is not required to be online for authorization, as it allows separation of privilege, the account key can be kept safely away from publicly exposed frontend servers. A random token is sufficient, I’m not aware of any reason why requiring the account key to be online would improve security.
> 
> Jonathan

v2.23.0 | Report a Bug | By Email