IETF Logo Mail Archive

Re: [Acme] Why "HTTP verification"

Eric Mill <eric@konklone.com> Wed, 03 December 2014 04:59 UTC

Return-Path: <eric@konklone.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AB36C1A008B for <acme@ietfa.amsl.com>; Tue, 2 Dec 2014 20:59:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.977
X-Spam-Level:
X-Spam-Status: No, score=-0.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id iSw_FvwgTfCs for <acme@ietfa.amsl.com>; Tue, 2 Dec 2014 20:59:01 -0800 (PST)
Received: from sasl.smtp.pobox.com (pb-smtp1.int.icgroup.com [208.72.237.35]) by ietfa.amsl.com (Postfix) with ESMTP id E51771A007E for <acme@ietf.org>; Tue, 2 Dec 2014 20:59:00 -0800 (PST)
Received: from sasl.smtp.pobox.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 337DB23425 for <acme@ietf.org>; Tue, 2 Dec 2014 23:58:59 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=pobox.com; h=mime-version :in-reply-to:references:from:date:message-id:subject:to:cc :content-type; s=sasl; bh=IaFEUuhhZNU7kQQLteX5FsUcrxQ=; b=oD1Dsg +FrJMDfi5TuMNcYc8Sc2BqpkYa0MH4g3gYxVH5uqRVJ9in7ZeIeer2WlHO61tBSq QHFWvHZRVjCZkuxBDa3ME/OnKS18YDnG3CTpDmc3l4xpEj3kpfe4QgtrFXoRzYjr dFUaxCqoDOlE5pPaz3a5Yi/gHD136VVUrosK4=
Received: from pb-smtp1.int.icgroup.com (unknown [127.0.0.1]) by pb-smtp1.pobox.com (Postfix) with ESMTP id 2933023422 for <acme@ietf.org>; Tue, 2 Dec 2014 23:58:59 -0500 (EST)
Received: from mail-oi0-f51.google.com (unknown [209.85.218.51]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by pb-smtp1.pobox.com (Postfix) with ESMTPSA id 5890C23414 for <acme@ietf.org>; Tue, 2 Dec 2014 23:58:58 -0500 (EST)
Received: by mail-oi0-f51.google.com with SMTP id e131so10346025oig.24 for <acme@ietf.org>; Tue, 02 Dec 2014 20:58:57 -0800 (PST)
X-Received: by 10.60.102.211 with SMTP id fq19mr2013954oeb.2.1417582737487; Tue, 02 Dec 2014 20:58:57 -0800 (PST)
MIME-Version: 1.0
Received: by 10.182.11.36 with HTTP; Tue, 2 Dec 2014 20:58:17 -0800 (PST)
In-Reply-To: <1417562605.2793.10.camel@tls.16bits.net>
References: <B80ACB30-1A35-440E-B250-AB8C80D1FAF1@vpnc.org> <CAK6vND-001PK0gP_3Txoge2hvYiKPuA+trd9zj7PzaooOOMH3A@mail.gmail.com> <20141202194441.GA285@mournblade.imrryr.org> <CAK6vND9GcnQ1UbrLd6osj4vQ-GDr5Gwwh-Cx97nSHw-z3i5Vkw@mail.gmail.com> <1417562605.2793.10.camel@tls.16bits.net>
From: Eric Mill <eric@konklone.com>
Date: Tue, 02 Dec 2014 23:58:17 -0500
Message-ID: <CANBOYLV36YNX2bOMUVp0RrGd1yonVZnQOKDqBkfuTJzWstDuCQ@mail.gmail.com>
To: Ángel González <angel@tls.16bits.net>
Content-Type: multipart/alternative; boundary="089e01160a2e81fef7050948b3f7"
X-Pobox-Relay-ID: 171C1D96-7AA9-11E4-9FF3-42529F42C9D4-82875391!pb-smtp1.pobox.com
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/BqXA2q3zkQxIJ27ZArMwUJ7PMRI
Cc: acme@ietf.org
Subject: Re: [Acme] Why "HTTP verification"
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Dec 2014 04:59:02 -0000

Would providing the proof in an HTTP header (on an HTTPS connection using
any cert at all) be a stronger guarantee of Real Domain Control (and not
malicious user-submitted content) than providing it in the HTTP response
body?

On Tue, Dec 2, 2014 at 6:23 PM, Ángel González <angel@tls.16bits.net> wrote:

> Peter Bowen wrote:
> > On Tue, Dec 2, 2014 at 11:44 AM, Viktor Dukhovni <ietf-dane@dukhovni.org>
> wrote:
> > > On Tue, Dec 02, 2014 at 11:15:40AM -0800, Peter Bowen wrote:
> > >
> > >> The primary case where I see a problem is when the site already has a
> > >> trusted certificate and wants to use ACME to get a new certificate.
> > >> They are unlikely to want to replace their working certificate with a
> > >> self-signed certificate.  So the proof would need to happen at the
> > >> HTTP layer, not the TLS layer.
> > >
> > > They can request a certificate for the same private key.  The
> > > "self-signed" thing so not precise.  The real requirement would be
> > > *some* certificate with the same key, not necessarily self-signed.
> > > So issued by another CA should be fine.
> >
> > I would hope that many sites would have a policy of rotating their
> > private key, as a reasonable number of clients still use the same key
> > for identification and key exchange.  I'm not sure what the protocol
> > should look like for proving possession of the old and new keys at the
> > same time, but it would be good to support this case.
> >
> > Thanks,
> > Peter
>
> If the only reason for http verification is to allow a pre-existing
> certificate on 443, signing a message with the current key is a much
> stronger guarantee than placing a file accessible by http.
>
> It would be possible to steal a certificate at date X and get the new
> certificate at X+n, but since the stolen certificate would need to stay
> current, I find hard that the attacker couldn't also have obtained a
> certificate if http were used (a compromised backup maybe?). And given
> that the previous certificate would still be in use, such compromise
> would still be unnoticed.
>
> Maybe require that http proof contains the new certificate signed with
> the current cert ?
>
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>



-- 
konklone.com | @konklone <https://twitter.com/konklone>

v2.23.0 | Report a Bug | By Email