IETF Logo Mail Archive

Re: [Acme] Obtaining the Tor hidden service descriptor for draft-ietf-acme-onion

Seo Suchan <tjtncks@gmail.com> Tue, 17 October 2023 09:34 UTC

Return-Path: <tjtncks@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A1D3C15152C for <acme@ietfa.amsl.com>; Tue, 17 Oct 2023 02:34:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.602
X-Spam-Level:
X-Spam-Status: No, score=-1.602 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MKVjSxRnWqI2 for <acme@ietfa.amsl.com>; Tue, 17 Oct 2023 02:33:55 -0700 (PDT)
Received: from mail-pf1-x42e.google.com (mail-pf1-x42e.google.com [IPv6:2607:f8b0:4864:20::42e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DE71BC15109D for <acme@ietf.org>; Tue, 17 Oct 2023 02:33:55 -0700 (PDT)
Received: by mail-pf1-x42e.google.com with SMTP id d2e1a72fcca58-6b1ef786b7fso3740348b3a.3 for <acme@ietf.org>; Tue, 17 Oct 2023 02:33:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1697535235; x=1698140035; darn=ietf.org; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:user-agent:subject:cc:to:from:date:from:to:cc:subject :date:message-id:reply-to; bh=3RI/9v+C1jR35ClKPEeau/9y+c+YO6j1TQAdvhFFec0=; b=BHfD9Rvs+wFCXjcarkZaKmTfescwwVtIR7STAi5tMGbNTuzhR1Kl4dPsDzIe2x3Wqt OD0c8lDnXVzIZhPL+wfZLck99vKzIC308JPzpJPVFp3JQ8FDwkSL+fHVla2SZ2eFEDr4 fFb1oAnMTxJ58uurA6LsS++xEpRgpdMgaORUW7uYneNA9GSVL7AGZmir36VxzuG9+/6H T16+yTNq9dpTgUFXkbQO6tKcTXaPzf9stnsHlmQG4iZQ/YN0CZPa0cpCJWJUa4VNg1Vm 34+rARDj3NkFDmQqytucyc2qiy2IhGKwoXwxzRoXZg+ItVWdl08JLR/45T/hCF4C7o6A 9XlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697535235; x=1698140035; h=content-transfer-encoding:mime-version:message-id:references :in-reply-to:user-agent:subject:cc:to:from:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=3RI/9v+C1jR35ClKPEeau/9y+c+YO6j1TQAdvhFFec0=; b=d+yBuaqVdsKZ9Eu4f6uKrT0h2evzC/yE6R5+tufvT2i8s8LADfbldxJv0eEyXEXG4c 78sQ5AhTOXc+YKYCIak+S2k/nLrQD6Qf0ptNZM8GNP05kJwDs1hFGRubb8Fr58Wt5PIC dGbmMR6bw16Y8N+Adf5aR77iZ+LAJATFB7XzatYFnVA3s1tgqKQrsT7sQNb6BySWzlxl AQgC0IHmN81V/725u+IHUWv4N051YqgLnUAHvZ3nmTGtHk+BAsiG6dFCjSzvV7eZB50H Jx9Wlu1p8gpEHyECD5XxN3tHDCSwL2mweJHXT+L1Zr0xEoG2Fc6miGLvbk3YjuMGgE6s D4Xg==
X-Gm-Message-State: AOJu0YxP4mRW/NvfyH/CByvI9RF9C15g7KI5FFCJT7Na3FOF6ITLbBlV Uuu4Rzj3t4jGOgNhYbCaxqPmw9UeNxStSQ==
X-Google-Smtp-Source: AGHT+IGyfgpf5GH2PJMi3FKk0H5O3SNLp28qSC/iv3S1LKwXQU73h8uN5229OH2AvMUKU1Ol1mXD5w==
X-Received: by 2002:a05:6a00:1a88:b0:6b8:828:d934 with SMTP id e8-20020a056a001a8800b006b80828d934mr1623937pfv.6.1697535235079; Tue, 17 Oct 2023 02:33:55 -0700 (PDT)
Received: from [127.0.0.1] ([175.194.200.171]) by smtp.gmail.com with ESMTPSA id z68-20020a626547000000b00688435a9915sm1003681pfb.189.2023.10.17.02.33.53 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Tue, 17 Oct 2023 02:33:54 -0700 (PDT)
Date: Tue, 17 Oct 2023 18:33:50 +0900
From: Seo Suchan <tjtncks@gmail.com>
To: Q Misell <q@as207960.net>
CC: acme@ietf.org
User-Agent: K-9 Mail for Android
In-Reply-To: <CAMEWqGs4zmxp66MMW_+z1j1ts9fvS8Gia=zKor7HxVQnUKvbkw@mail.gmail.com>
References: <CAMEWqGvnrgp=f4eO1nQ9hzzCnY2z-pxE8fyQvHnzTDYCx-jq6A@mail.gmail.com> <ZSWikYeVECjUrLM0@localhost> <CAMEWqGuJMA99nF8QCC+mJS3N1hSu3Gakvh+=bgo5H-VDgK8Z9g@mail.gmail.com> <CAMEWqGvN1n91eNZzZNfPQ89-Xoj-d9f_rPy0t_byneeDhxNStg@mail.gmail.com> <CAMEWqGt-+xxw3amX17Q247L0HiirAz5aDy7YWPFfSDGp5iMH+g@mail.gmail.com> <f96a266c-a55e-434b-8652-7f9854f643bc@gmail.com> <CAMEWqGs4zmxp66MMW_+z1j1ts9fvS8Gia=zKor7HxVQnUKvbkw@mail.gmail.com>
Message-ID: <A5C851EB-90CC-4C7D-97C9-2C287BA8446D@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----3BZBJYB447TRTEDMLOOKSJWAVNT0ZI"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/As5mfkiJPZ2EWgRaVk_E32BrFqI>
Subject: Re: [Acme] Obtaining the Tor hidden service descriptor for draft-ietf-acme-onion
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Oct 2023 09:34:00 -0000

well if CA is willing to run tor In house they can read caa record tor network (CA/B br forbids using external proxy to access tor website for verification perpose) and for onion challenge it already have the key to sign this on demand
and it's kinda vague when acme server are running tor client and see caa in finalization object : it may process it or ignore it and even reject finalization because not implementing this extension as they think not needed

On 2023년 10월 17일 오후 6시 23분 21초 GMT+09:00, Q Misell <q@as207960.net> 작성함:
>The rationale for expiry is that in the case of http-01 or tls-alpn-01 the
>ACME client need not have access to the Onion service's secret key. A long
>lived CAA signature could be generated with the key, provided to the ACME
>client to use, and the key could be kept away from the ACME client and only
>available on the machine running the Tor proxy.
>------------------------------
>
>Any statements contained in this email are personal to the author and are
>not necessarily the statements of the company unless specifically stated.
>AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
>Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
>registered in Wales under № 12417574
><https://find-and-update.company-information.service.gov.uk/company/12417574>,
>LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876
><https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU
>VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №:
>522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru
>maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca
>Digital, is a company registered in Estonia under № 16755226. Estonian VAT
>№: EE102625532. Glauca Digital and the Glauca logo are registered
>trademarks in the UK, under № UK00003718474 and № UK00003718468,
>respectively.
>
>
>On Tue, 17 Oct 2023 at 04:15, Seo Suchan <tjtncks@gmail.com> wrote:
>
>>
>> not sure giving expiry by client side is meaningful: as we send this at
>> finalization step, and as something would be very wrong if one request
>> another certificate in 8 hours from last certificate so whatever value
>> client may put there will be expired by the time we request: in effect it'd
>> be act more like timestamp and if it is I kinda want it to be nonce for
>> that certificate finalization explicitly.
>> 2023-10-17 오전 3:10에 Q Misell 이(가) 쓴 글:
>>
>> Hi all,
>>
>> In-band CAA is now implemented on the reference CA at
>> https://acmeforonions.org and in the certbot-onion
>> <https://pypi.org/project/certbot-onion/> plugin.
>> draft-ietf-acme-onion-01 has also been published with the in-band CAA spec
>> (refined from my last email from issues that arose during implementation).
>>
>> Cheers,
>> Q
>> ------------------------------
>>
>> Any statements contained in this email are personal to the author and are
>> not necessarily the statements of the company unless specifically stated.
>> AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
>> Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
>> registered in Wales under № 12417574
>> <https://find-and-update.company-information.service.gov.uk/company/12417574>,
>> LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876
>> <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867.
>> EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №:
>> 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru
>> maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca
>> Digital, is a company registered in Estonia under № 16755226. Estonian VAT
>> №: EE102625532. Glauca Digital and the Glauca logo are registered
>> trademarks in the UK, under № UK00003718474 and № UK00003718468,
>> respectively.
>>
>>
>> On Fri, 13 Oct 2023 at 17:19, Q Misell <q@as207960.net> wrote:
>>
>>> I've found some time to specify in-band CAA, a quick first draft is in
>>> the working draft[1]. Looking forward to hearing people's thoughts.
>>>
>>> [1]:
>>> https://as207960.github.io/acme-onion/draft-ietf-acme-onion.html#name-alternative-in-band-present
>>> ------------------------------
>>>
>>> Any statements contained in this email are personal to the author and are
>>> not necessarily the statements of the company unless specifically stated.
>>> AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
>>> Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
>>> registered in Wales under № 12417574
>>> <https://find-and-update.company-information.service.gov.uk/company/12417574>,
>>> LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876
>>> <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867.
>>> EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №:
>>> 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru
>>> maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca
>>> Digital, is a company registered in Estonia under № 16755226. Estonian VAT
>>> №: EE102625532. Glauca Digital and the Glauca logo are registered
>>> trademarks in the UK, under № UK00003718474 and № UK00003718468,
>>> respectively.
>>>
>>>
>>> On Tue, 10 Oct 2023 at 21:22, Q Misell <q@as207960.net> wrote:
>>>
>>>> Hi Silvio,
>>>>
>>>> Thanks for that info, that's quite helpful.
>>>>
>>>> I think the idea of allowing the client to just send the CAA lines
>>>> signed by its key would work well, and remove most if not all of the
>>>> problems I've been running into.
>>>> I'll work on implementing that in my draft, and see how difficult it'd
>>>> be to get that part only working in Boulder (as Let's Encrypt have already
>>>> indicated that they won't be implementing http-01 and tls-alpn-01 for
>>>> hidden services).
>>>>
>>>> Cheers,
>>>> Q
>>>> ------------------------------
>>>>
>>>> Any statements contained in this email are personal to the author and
>>>> are not necessarily the statements of the company unless specifically
>>>> stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan
>>>> Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
>>>> registered in Wales under № 12417574
>>>> <https://find-and-update.company-information.service.gov.uk/company/12417574>,
>>>> LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876
>>>> <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867.
>>>> EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №:
>>>> 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru
>>>> maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca
>>>> Digital, is a company registered in Estonia under № 16755226. Estonian VAT
>>>> №: EE102625532. Glauca Digital and the Glauca logo are registered
>>>> trademarks in the UK, under № UK00003718474 and № UK00003718468,
>>>> respectively.
>>>>
>>>>
>>>> On Tue, 10 Oct 2023 at 20:14, rhatto <rhatto@torproject.org> wrote:
>>>>
>>>>> On Thu, Sep 07, 2023 at 04:55:51PM +0100, Q Misell wrote:
>>>>> > I've had some discussion recently with the Tor project on
>>>>> implementation
>>>>> > hurdles for draft-ietf-acme-onion. One concern that has been raised
>>>>> by a few is
>>>>> > the need to run a Tor client to validate requests, even with
>>>>> onion-csr-01, due
>>>>> > to the inclusion of CAA in the draft.
>>>>>
>>>>> Hi Q, and thanks for bringing this up.
>>>>>
>>>>> > One solution proposed to this is that the ACME client MAY[1] send the
>>>>> hidden
>>>>> > service descriptor to CA as part of the finalize request. The CA also
>>>>> MAY
>>>>> > require this, if they do not wish to run a Tor client. This, to my
>>>>> knowledge,
>>>>> > wouldn't reduce the security of the validation of CAA, as the
>>>>> descriptor
>>>>> > document is still cryptographically validated in the same way using
>>>>> the current
>>>>> > network consensus. Additionally the directory authorities that serve
>>>>> > descriptors are already non-trusted actors in Tor.
>>>>> >
>>>>> > The CA would still need a copy of the network consensus document to
>>>>> verify
>>>>> > the descriptor submitted by the client. Most directory authorities
>>>>> however
>>>>> > are reachable over standard HTTP over TCP, in addition to HTTP over
>>>>> Tor.
>>>>> > This would allow the CA to fetch the current consensus without any
>>>>> > connection to Tor. The consensus fetched this way would still be
>>>>> verified
>>>>> > against the trusted directory authorities of Tor[2].
>>>>>
>>>>> Specifically, the "valid-after", "fresh-until", and "hsdir_interval" are
>>>>> the only consensus items needed to parse, decrypt and validate an Onion
>>>>> Service descriptor.
>>>>>
>>>>> > What are people's thoughts on this, and more importantly, what
>>>>> problems do
>>>>> > people see with this?
>>>>>
>>>>> After a lengthy discussion with Tor developers, we suggest the following
>>>>> options, prioritizing the least complex:
>>>>>
>>>>> 0. ACME clients MAY send "valid-after", "fresh-until" and "hs_interval"
>>>>>    along with the descriptor, which would allow the ACME Server to
>>>>> verify
>>>>>    CAA in a stateless way, without bootstrapping Tor to fetch the
>>>>>    descriptor and without fetching the network consensus.
>>>>>
>>>>> 1. Only the descriptor is sent by the ACME client, so the ACME server
>>>>> would
>>>>>    need to fetch and cache the network consensus.
>>>>>
>>>>> 2. The ACME client does not send the descriptor, leaving to the ACME
>>>>> server
>>>>>    the job of fetching it, as stated on draft-ietf-acme-onion-00.
>>>>>
>>>>> For options 0 and 1 above, there are two ways that a consensus (or just
>>>>> the
>>>>> needed items) can be fetched either by ACME clients or servers:
>>>>>
>>>>> a. Through the Tor network, from one of many directory caches.
>>>>>
>>>>>    As this involves bootstrapping Tor, it makes more sense for ACME
>>>>>    clients to do this fetching, as clients are probably already
>>>>> connected
>>>>>    to Tor in order to run an Onion Service or to make the ACME request
>>>>>    through Tor.
>>>>>
>>>>> b. Doing HTTP over TCP, or HTTP over Tor to the directory authorities.
>>>>>
>>>>>    While this is supported nowadays, it's not guaranteed to work in the
>>>>>    long term, since this method is deprecated in favor of the approach
>>>>>    above, and DirAuths may even stop serving the consensus directly by
>>>>> HTTP
>>>>>    at some point.
>>>>>
>>>>>    This also requires checking the DirAuths' signatures in the consensus
>>>>>    document.
>>>>>
>>>>> > Should this be incorporated into the draft?
>>>>>
>>>>> Yes, we support this idea, but also note that, despite parsing and
>>>>> validating an .onion descriptor being relatively straightforward, it
>>>>> involves more code to be maintained.
>>>>>
>>>>> We understand that signed CAA parameters could be accepted directly in
>>>>> an ACME API request without reducing security and the need to process an
>>>>> entire descriptor.
>>>>>
>>>>> --
>>>>> Silvio Rhatto
>>>>> pronouns he/him
>>>>> _______________________________________________
>>>>> Acme mailing list
>>>>> Acme@ietf.org
>>>>> https://www.ietf.org/mailman/listinfo/acme
>>>>>
>>>>
>> _______________________________________________
>> Acme mailing listAcme@ietf.orghttps://www.ietf.org/mailman/listinfo/acme
>>
>> _______________________________________________
>> Acme mailing list
>> Acme@ietf.org
>> https://www.ietf.org/mailman/listinfo/acme
>>

v2.23.0 | Report a Bug | By Email