IETF Logo Mail Archive

Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)

Felix Fontein <felix@fontein.de> Sun, 16 September 2018 20:42 UTC

Return-Path: <felix@fontein.de>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2A665130DC4 for <acme@ietfa.amsl.com>; Sun, 16 Sep 2018 13:42:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=fontein.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3AYXGSroK07V for <acme@ietfa.amsl.com>; Sun, 16 Sep 2018 13:42:30 -0700 (PDT)
Received: from fontein.de (fontein.de [IPv6:2001:1680:101:2a::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E701128CF2 for <acme@ietf.org>; Sun, 16 Sep 2018 13:42:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=fontein.de; s=20160508; h=References:In-Reply-To:Subject:To:From:Date:Cc; bh=n8smQl8dSQSnRaMVdp9YGkIGU6yciUFELucwg2Clo2c=; b=toZ42MTbYttzbbP0fnJUxuJoqB mvFK8HV0UDTXKzZFgDM1CO0m6kdPHPz+erCMfQ3TfJLwCBZrNAsw6ioji2Y4zfI8hZZ3B9Z5NoFsG hqB9XKb3R0wJCIn75s0+2NeT3aCx6k8cVw5pMrxZmZ7hZx3XUDP/ph0sm/uS/H8zXy8RLY4xx7Dv6 XPkKn3Ccoqsr12YmHKJjwm9NOwoR1jBEFVsG5broietHewXhMmFKfDRDcwgZRJNyMfPMOt5nirVQR LkrbTHZWXnQlyQBGwwBX4xSOiwXA5bzhxLp4yYiVzJxadAAZAzSBAkHKq4vUJ2GtaPzqK2LT50NzJ PtMJT2sWBrjI2pQNmj9eBXfg5erdFivzpY+XaJ7b7CUfrhlCwg+WHMooT85g8u+mtmqIuY/A09ZG2 qkjBpb6SNhpBB2gx6a8OyfpISzbl+EtcHdUDWvJ2Y2UIAXgLzsX9Np+bpQArt44BbeVVbxgw59N4/ oi4fDs22KQ2gsqx8VmHcl/VFxzeGBZl57PEWAa3tMKE0HMxUN86BWMvceQlC4SvY+JXyT/p6rL0dN sii/uSj4KPnB41PknUgPsWEDalevT3hP6yUIPbWxde5Oy27iDq4ZgDcK8R9HcQ2VUUXC1kkujMhMq cV9zQ4p/1pFIYaCblSmeST2I741UoqyZBITP9CLcA=;
Received: from 77-58-146-129.dclient.hispeed.ch ([77.58.146.129] helo=rovaniemi) by fontein.de with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim) (envelope-from <felix@fontein.de>) id 1g1dsB-0002ZP-Dh for acme@ietf.org; Sun, 16 Sep 2018 22:42:27 +0200
Date: Sun, 16 Sep 2018 22:42:26 +0200
From: Felix Fontein <felix@fontein.de>
To: acme@ietf.org
Message-ID: <20180916224226.771fb83f@rovaniemi>
In-Reply-To: <20180916154734.GA48265@kduck.kaduk.org>
References: <153556883241.14872.599302420878484743.idtracker@ietfa.amsl.com> <CAL02cgQoC1YAA1wjftoFSMBfm7Vi4KUXUQW633GZ5tM9VMMrmg@mail.gmail.com> <CAKnbcLgNrmqWp4BUz=c2-Y5NQ3FqfPe3-RqRp_ocWxv+c+jWWA@mail.gmail.com> <20180916015154.GU48265@kduck.kaduk.org> <20180916173537.1fe0d18d@rovaniemi> <20180916154142.GZ48265@kduck.kaduk.org> <20180916154734.GA48265@kduck.kaduk.org>
X-Mailer: Claws Mail 3.17.1 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Spam_score: -2.9
X-Spam_score_int: -28
X-Spam_bar: --
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/DIbwZCCPTwr09dO70yhF5_DOI8A>
Subject: Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Sep 2018 20:42:33 -0000

Hi,

> > > > > >    [...] Secondly, the entropy requirement
> > > > > >    prevents ACME clients from implementing a "naive"
> > > > > > validation server that automatically replies to challenges
> > > > > > without participating in the creation of the initial
> > > > > > authorization request.
> > > > > >
> > > > > > IMPORTANT: I'm not sure I see how this applies to the HTTP
> > > > > > mechanism -- couldn't you write a script to reply
> > > > > > to .well-known/acme-challenge/<foo> with <foo>.<key
> > > > > > thumbprint> for a fixed key thumbprint?  The validation
> > > > > > thumbprint> server would ned to
> > > > > > know about the ACME account in question, but not about any
> > > > > > individual authorization request.    
> > > > > 
> > > > > It would also need to know the <foo> value, which is not
> > > > > provided in the validation request specifically to avoid
> > > > > this.    
> > > > 
> > > > As I said above, "[w]ell now I'm really confused."  In the
> > > > example HTTP challenge exchange (duplicated here):
> > > > 
> > > > GET /.well-known/acme-challenge/LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0
> > > > Host: example.org
> > > > 
> > > > HTTP/1.1 200 OK
> > > > Content-Type: application/octet-stream
> > > > 
> > > > LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0.9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI
> > > > 
> > > > Doesn't the path in the GET include the <foo>?  
> > > 
> > > Yes, and some people are already using this to add a generic
> > > authorization replier (which needs the thumbprint of the account
> > > key). For example, the acme.sh client supports this "stateless
> > > mode" (as it is called there):
> > > https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode  
> > 
> > Okay, that matches up with my understanding and maybe un-confuses
> > me.
> > 
> > But does this state of affairs nullify the text in the -14 about:
> > 
> >    [...] the entropy requirement
> >    prevents ACME clients from implementing a "naive" validation
> > server that automatically replies to challenges without
> > participating in the creation of the initial authorization request.
> > 
> > ?  
> 
> Also, if we wanted to prevent this sort of dumb script, it seems like
> we could have the ACME server do a 
> GET /.well-known/acme-challenge/<hash-of-token>
> instead of
> GET /.well-known/acme-challenge/<token>
> 
> and expect the un-hashed token in the response body.  (Witih obvious
> questions about explicit hash agility vs. hardcoding a hash per
> challenge type.)

That would work. However, I'm not sure whether this should really be
disallowed. I also understand the text from draft-14 as you do, but I
since this incorporates the account key hash, it doesn't validate for
challenges coming from other ACME accounts.

Also, there has been a proposal
(https://github.com/ietf-wg-acme/acme/issues/393) to allow something
similar for DNS validation (as dns-02), which explicitly mentions this
automation. Since nobody responded that such an automation is unwanted,
my assumption is that this automation is a feature and not a bug. It
would be nice if this would be more clear from the text, though.

Cheers,
Felix

v2.23.0 | Report a Bug | By Email