Re: [Acme] ACME breaking change: Most GETs become POSTs
Richard Barnes <rlb@ipv.sx> Fri, 31 August 2018 22:09 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BB6A4130EA1 for <acme@ietfa.amsl.com>; Fri, 31 Aug 2018 15:09:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fOPapndYRUZE for <acme@ietfa.amsl.com>; Fri, 31 Aug 2018 15:09:03 -0700 (PDT)
Received: from mail-oi0-x244.google.com (mail-oi0-x244.google.com [IPv6:2607:f8b0:4003:c06::244]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B28B130E9B for <acme@ietf.org>; Fri, 31 Aug 2018 15:09:03 -0700 (PDT)
Received: by mail-oi0-x244.google.com with SMTP id b15-v6so24262536oib.10 for <acme@ietf.org>; Fri, 31 Aug 2018 15:09:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=0El/ITENUmVYaQYLIWUtgw8dwsEIc0IUIEzVNP9l+JM=; b=y6L3Y5WWyAJAB8CnIY3M43XQqp7njl23IYy9+R2ZZ3YMLrpKNeDRw9oJSex+2WNYqW cROQNZqCAabi9A0IKKOK3tzVw5zB6qG3s/icYhZEADgMVJbhec++bDjunpg7W7tnHKOK 9K8qkGQlSYhtH0OnfZZRBbjN5OKm96vdySJN638OjqryV5wRtzvZCUXlRZLpktaGfyvr 4lbO+V9NpWJGinOyN3m/NFoUFUcXbwJbRlyms4M4cPwsqjHZ3eD6qYBb7UXiZeBUpstk pZmn4OvzxQ2Cz0oAmlGJEELXlXwsRdhhNNZcY95gWO/vFlOVEjfHspkcbKPh32CKs4lP kdsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=0El/ITENUmVYaQYLIWUtgw8dwsEIc0IUIEzVNP9l+JM=; b=i5tHbmadFqIq7c55aL4uSrZmXIeMl86dP0Fy0KEdOni6HELoa2n7PFvax8lCX+ffuG dY3PqPC0a4cCWeE1ywKNayfAYRiEpsBW2ryk+A2qmoGuqGM5/t2LiwspYYID6Mcq6sPd Z76HPdikCRkud06KcK/5J1zJbSdS4QDHXAaSDDzY7U/k6zCmjae4eyNZHqTivOmNN+Lk 0ucsrZUdmslfXGPlDHOlhDINXD/7qnU9KwHUJAS2SjbpOrU+gMUnHFG7Wzk/OzAYPRYI TyY3sLDGa2ZajKmfaf7cHFcxRQyB6iYvNwJ4L8r4DMaZU0PidjTdexxKVKflIT7k/Uc5 XiOA==
X-Gm-Message-State: APzg51DPFHyb8+KLGkSOXxUM2tWezaD6MCoBLkYvS2QiUVqGsMbR5HO4 YxNyD4pIsXjjTE9ER5CG4EDFNHCcWQffXhR5+GlthyAP96I=
X-Google-Smtp-Source: ANB0Vdbt3kNVU790cJ3C+N+NYcsfMP0nqTRNk7YiHczVauLqpEBAY/hzm1XYQ2Oj2B2fbTcsPyE2U1dp3KMlPbL1WIY=
X-Received: by 2002:aca:3e03:: with SMTP id l3-v6mr9982187oia.54.1535753342301; Fri, 31 Aug 2018 15:09:02 -0700 (PDT)
MIME-Version: 1.0
References: <c33184f3-4e64-b7ea-babb-d29e2307f1f3@eff.org>
In-Reply-To: <c33184f3-4e64-b7ea-babb-d29e2307f1f3@eff.org>
From: Richard Barnes <rlb@ipv.sx>
Date: Fri, 31 Aug 2018 18:08:50 -0400
Message-ID: <CAL02cgQ1BAzYH4f1nUD3fO0dKTc4mVrJ_NnoKq+Zb0BjT9J35Q@mail.gmail.com>
To: Jacob Hoffman-Andrews <jsha@eff.org>
Cc: IETF ACME <acme@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006e53440574c27006"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/B7MrLl4dRqOHXyzP6UHAh7oOVuY>
Subject: Re: [Acme] ACME breaking change: Most GETs become POSTs
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Aug 2018 22:09:13 -0000
Hey all, This thread forked into a couple of different issues, so I wanted to post a little end-of-day summary of the issues and where we stand. I've updated the PR [1] to reflect most of today's discussion. === ISSUE 1. Should we do POST-as-GET at all, vs. keeping GET and doing the privacy analysis? It seems like there's pretty strong agreement that we should get rid of GET, as the architecturally cleanest option. === ISSUE 2: How should we signal that POST-as-GET request is different from other POST requests? The current PR signals this by sending a JWS with an empty (zero-octet) payload, instead of a JSON object. Jacob and Daniel suggested that we should instead use the payload being an empty JSON object as the signal. An earlier draft PR used a field in the protected header. === ISSUE 3: Should servers be required to allow GET requests for certificate URLs? I had proposed this earlier today; Jacob and Daniel pushed back. I have implemented a compromise in the latest PR, where servers MAY accept GET requests. === ISSUE 4: How should we address the risk that an attacker can discover URLs by probing for Unauthorized vs. Not Found? There seemed to be agreement on the list that this should be addressed with some guidance to servers on how to assign URLs. I have just added some text to the PR for this. === It seems to me we're pretty much closed on the first issue, and the other three are still open. Please send comments, so we can resolve this issue and get the document back in motion! Thanks, --Richard [1] https://github.com/ietf-wg-acme/acme/pull/445 On Thu, Aug 30, 2018 at 7:20 PM Jacob Hoffman-Andrews <jsha@eff.org> wrote: > ACME currently has unauthenticated GETs for some resources. This was > originally discussed in January 2015[1]. We decided to put all sensitive > data in the account resource and consider all GET resources public, with > a slant towards transparency. > > Adam Roach recently pointed out in his Area Director review that even > when the contents of GET URLs aren’t sensitive, their correlation may > be. For instance, some CAs might consider the grouping of certificates > by account to be sensitive. > > Richard Barnes proposes[2] to change all GETs to POSTs (except directory > and new-nonce). This will be a breaking change. Clients that were > compatible with previous drafts, informally called ACMEv1 and ACMEv2, > will not be compatible with a draft that mandates POSTs everywhere. It > will be a painful change, since the ecosystem just started switching to > ACMEv2, which looked to be near-final. > > I think this is the right path forwards. ACME will be a simpler, better > protocol long-term if all requests are authenticated. However, if we’re > taking this path we should aim to come to consensus and land the final > spec quickly to reduce uncertainty for ACME client implementers. > > [1] https://github.com/letsencrypt/acme-spec/pull/48#issuecomment-70169712 > [2] https://github.com/ietf-wg-acme/acme/pull/445/files > > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme >
- [Acme] ACME breaking change: Most GETs become POS… Jacob Hoffman-Andrews
- Re: [Acme] ACME breaking change: Most GETs become… Jacob Hoffman-Andrews
- Re: [Acme] ACME breaking change: Most GETs become… Adam Roach
- Re: [Acme] ACME breaking change: Most GETs become… Felipe Gasper
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Salz, Rich
- Re: [Acme] ACME breaking change: Most GETs become… Felipe Gasper
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Salz, Rich
- Re: [Acme] ACME breaking change: Most GETs become… Nico Williams
- Re: [Acme] ACME breaking change: Most GETs become… Tim Hollebeek
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Salz, Rich
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Daniel McCarney
- Re: [Acme] ACME breaking change: Most GETs become… Jacob Hoffman-Andrews
- Re: [Acme] ACME breaking change: Most GETs become… Daniel McCarney
- Re: [Acme] ACME breaking change: Most GETs become… Daniel McCarney
- Re: [Acme] ACME breaking change: Most GETs become… Nico Williams
- Re: [Acme] ACME breaking change: Most GETs become… Daniel McCarney
- Re: [Acme] ACME breaking change: Most GETs become… Nico Williams
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Jacob Hoffman-Andrews
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Adam Roach
- Re: [Acme] ACME breaking change: Most GETs become… Eric Rescorla
- Re: [Acme] ACME breaking change: Most GETs become… Jacob Hoffman-Andrews
- Re: [Acme] ACME breaking change: Most GETs become… Adam Roach
- Re: [Acme] ACME breaking change: Most GETs become… Nico Williams
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Felix Fontein
- Re: [Acme] ACME breaking change: Most GETs become… Yaron Sheffer
- Re: [Acme] ACME breaking change: Most GETs become… Jacob Hoffman-Andrews
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Adam Roach
- Re: [Acme] ACME breaking change: Most GETs become… Salz, Rich
- Re: [Acme] ACME breaking change: Most GETs become… Eric Rescorla
- Re: [Acme] ACME breaking change: Most GETs become… Erica Portnoy
- Re: [Acme] ACME breaking change: Most GETs become… Alan Doherty
- Re: [Acme] ACME breaking change: Most GETs become… Erica Portnoy
- Re: [Acme] ACME breaking change: Most GETs become… Adam Roach
- Re: [Acme] ACME breaking change: Most GETs become… Alan Doherty