IETF Logo Mail Archive

Re: [Acme] Obtaining the Tor hidden service descriptor for draft-ietf-acme-onion

Q Misell <q@as207960.net> Tue, 10 October 2023 20:23 UTC

Return-Path: <q@as207960.net>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C77AC1519AB for <acme@ietfa.amsl.com>; Tue, 10 Oct 2023 13:23:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=as207960.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oNnXUbL7SoJT for <acme@ietfa.amsl.com>; Tue, 10 Oct 2023 13:23:10 -0700 (PDT)
Received: from mail-ed1-x532.google.com (mail-ed1-x532.google.com [IPv6:2a00:1450:4864:20::532]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32D5BC1519A7 for <acme@ietf.org>; Tue, 10 Oct 2023 13:23:09 -0700 (PDT)
Received: by mail-ed1-x532.google.com with SMTP id 4fb4d7f45d1cf-536b39daec1so10317446a12.2 for <acme@ietf.org>; Tue, 10 Oct 2023 13:23:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=as207960.net; s=google; t=1696969387; x=1697574187; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=ASrin12s+Pw8PM5lw/EvBdq4ZFJZdzLndpcaPjnMYDc=; b=JQEsccNPsjknmww+G47AMgBeOv1vx0AtqFe0WZ8R43D/e1s2AI98j2+WAIdXJ0fAGd CaM56wt3sZMu35OSHYYvZyYT51oGosYHq5lDIrWZOmEhabcZHbkiyg2y7T2KpHxN3HIy ZpBTfcB49RpEM8SCJz+6YGxvQpuW79vys3TxJLsCBoCIezE/VFTLXGJ44CH2RnN7egd0 g+orX3oo/ab9BAy4e9xiLUjYx9GJ4yCvU/UOxpkraU2b32vpauK//mEH7jdgnY/2+gP2 4ik39y5pSMU2wbcw7nkMz3RnfaIqbHwVlMizQrHrSMQ4XNPm9nfS/GA1sITaXZP7Gmf5 NbNQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1696969387; x=1697574187; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=ASrin12s+Pw8PM5lw/EvBdq4ZFJZdzLndpcaPjnMYDc=; b=ig6/ifkArhAs47z+Q+7xE93i1LjoaYnRCoPv1y4iBeBE+k8ej+VABHPgSJqezWx5PR sdAyKkZA6E5EfXzZXCwO/pHwYLs1yZTAjRUr8Wm/QgJd2s62Fo8+YoOEjHg+VtH1rKVc oJ5Fd2EBxNXR/QtN57lMb60/ApjSSaDZFU6J9Moaj5i0w2eVGAela9BmEfgola+x+pVd iL7rCdGwPgG02NVr3Gx5+35psLJ/w0vFzxK/ZVrdhKWiQag3eh6EzJj9I4QDeh7ZXwd3 RdC1/FA3YuFATNkPffo2gp/baSPfDVI1aayDxF/vKTUuiSvHtm9cvQv2lMcmtzV66Box eD2w==
X-Gm-Message-State: AOJu0YxN1xSSDxfS1oV0L/SXnEV0Flvi0glL7kWKS0mWm5ve313hDjV0 /u6wWX/idPqhwqcG9HpJcafzSiC95m2pJPMMn2KtdEM5eRGNlzAsptE=
X-Google-Smtp-Source: AGHT+IH4FVQ0s3qLYRjwsUdMPMEfLHzrzMLZ8VQmMKSmnKcTQBMZTL9DlGub9nRJhl1eVv3jmCKTIK3FJuKEQSqQS1Y=
X-Received: by 2002:a17:906:7492:b0:9b2:d018:20b2 with SMTP id e18-20020a170906749200b009b2d01820b2mr17760375ejl.39.1696969387089; Tue, 10 Oct 2023 13:23:07 -0700 (PDT)
MIME-Version: 1.0
References: <CAMEWqGvnrgp=f4eO1nQ9hzzCnY2z-pxE8fyQvHnzTDYCx-jq6A@mail.gmail.com> <ZSWikYeVECjUrLM0@localhost>
In-Reply-To: <ZSWikYeVECjUrLM0@localhost>
From: Q Misell <q@as207960.net>
Date: Tue, 10 Oct 2023 21:22:30 +0100
Message-ID: <CAMEWqGuJMA99nF8QCC+mJS3N1hSu3Gakvh+=bgo5H-VDgK8Z9g@mail.gmail.com>
To: rhatto <rhatto@torproject.org>
Cc: Q Misell <q=40as207960.net@dmarc.ietf.org>, IETF ACME <acme@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000083353506076279bb"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/ClG47I_4Yf_dlZnK5R-39c4HLwY>
Subject: Re: [Acme] Obtaining the Tor hidden service descriptor for draft-ietf-acme-onion
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Oct 2023 20:23:14 -0000

Hi Silvio,

Thanks for that info, that's quite helpful.

I think the idea of allowing the client to just send the CAA lines signed
by its key would work well, and remove most if not all of the problems I've
been running into.
I'll work on implementing that in my draft, and see how difficult it'd be
to get that part only working in Boulder (as Let's Encrypt have already
indicated that they won't be implementing http-01 and tls-alpn-01 for
hidden services).

Cheers,
Q
------------------------------

Any statements contained in this email are personal to the author and are
not necessarily the statements of the company unless specifically stated.
AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
registered in Wales under № 12417574
<https://find-and-update.company-information.service.gov.uk/company/12417574>,
LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876
<https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU
VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №:
522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru
maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca
Digital, is a company registered in Estonia under № 16755226. Estonian VAT
№: EE102625532. Glauca Digital and the Glauca logo are registered
trademarks in the UK, under № UK00003718474 and № UK00003718468,
respectively.


On Tue, 10 Oct 2023 at 20:14, rhatto <rhatto@torproject.org> wrote:

> On Thu, Sep 07, 2023 at 04:55:51PM +0100, Q Misell wrote:
> > I've had some discussion recently with the Tor project on implementation
> > hurdles for draft-ietf-acme-onion. One concern that has been raised by a
> few is
> > the need to run a Tor client to validate requests, even with
> onion-csr-01, due
> > to the inclusion of CAA in the draft.
>
> Hi Q, and thanks for bringing this up.
>
> > One solution proposed to this is that the ACME client MAY[1] send the
> hidden
> > service descriptor to CA as part of the finalize request. The CA also MAY
> > require this, if they do not wish to run a Tor client. This, to my
> knowledge,
> > wouldn't reduce the security of the validation of CAA, as the descriptor
> > document is still cryptographically validated in the same way using the
> current
> > network consensus. Additionally the directory authorities that serve
> > descriptors are already non-trusted actors in Tor.
> >
> > The CA would still need a copy of the network consensus document to
> verify
> > the descriptor submitted by the client. Most directory authorities
> however
> > are reachable over standard HTTP over TCP, in addition to HTTP over Tor.
> > This would allow the CA to fetch the current consensus without any
> > connection to Tor. The consensus fetched this way would still be verified
> > against the trusted directory authorities of Tor[2].
>
> Specifically, the "valid-after", "fresh-until", and "hsdir_interval" are
> the only consensus items needed to parse, decrypt and validate an Onion
> Service descriptor.
>
> > What are people's thoughts on this, and more importantly, what problems
> do
> > people see with this?
>
> After a lengthy discussion with Tor developers, we suggest the following
> options, prioritizing the least complex:
>
> 0. ACME clients MAY send "valid-after", "fresh-until" and "hs_interval"
>    along with the descriptor, which would allow the ACME Server to verify
>    CAA in a stateless way, without bootstrapping Tor to fetch the
>    descriptor and without fetching the network consensus.
>
> 1. Only the descriptor is sent by the ACME client, so the ACME server would
>    need to fetch and cache the network consensus.
>
> 2. The ACME client does not send the descriptor, leaving to the ACME server
>    the job of fetching it, as stated on draft-ietf-acme-onion-00.
>
> For options 0 and 1 above, there are two ways that a consensus (or just the
> needed items) can be fetched either by ACME clients or servers:
>
> a. Through the Tor network, from one of many directory caches.
>
>    As this involves bootstrapping Tor, it makes more sense for ACME
>    clients to do this fetching, as clients are probably already connected
>    to Tor in order to run an Onion Service or to make the ACME request
>    through Tor.
>
> b. Doing HTTP over TCP, or HTTP over Tor to the directory authorities.
>
>    While this is supported nowadays, it's not guaranteed to work in the
>    long term, since this method is deprecated in favor of the approach
>    above, and DirAuths may even stop serving the consensus directly by HTTP
>    at some point.
>
>    This also requires checking the DirAuths' signatures in the consensus
>    document.
>
> > Should this be incorporated into the draft?
>
> Yes, we support this idea, but also note that, despite parsing and
> validating an .onion descriptor being relatively straightforward, it
> involves more code to be maintained.
>
> We understand that signed CAA parameters could be accepted directly in
> an ACME API request without reducing security and the need to process an
> entire descriptor.
>
> --
> Silvio Rhatto
> pronouns he/him
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>

v2.23.0 | Report a Bug | By Email