IETF Logo Mail Archive

Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Sun, 16 September 2018 15:47 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33C20128CE4 for <acme@ietfa.amsl.com>; Sun, 16 Sep 2018 08:47:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.202
X-Spam-Level:
X-Spam-Status: No, score=-4.202 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MJutLSXeCAmv for <acme@ietfa.amsl.com>; Sun, 16 Sep 2018 08:47:43 -0700 (PDT)
Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu [18.9.25.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9153F120072 for <acme@ietf.org>; Sun, 16 Sep 2018 08:47:43 -0700 (PDT)
X-AuditID: 1209190e-ef5ff7000000466d-e2-5b9e7b1d5623
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP id 05.BE.18029.E1B7E9B5; Sun, 16 Sep 2018 11:47:42 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w8GFlcUE024101 for <acme@ietf.org>; Sun, 16 Sep 2018 11:47:39 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w8GFlY7U018576 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT) for <acme@ietf.org>; Sun, 16 Sep 2018 11:47:37 -0400
Date: Sun, 16 Sep 2018 10:47:35 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: acme@ietf.org
Message-ID: <20180916154734.GA48265@kduck.kaduk.org>
References: <153556883241.14872.599302420878484743.idtracker@ietfa.amsl.com> <CAL02cgQoC1YAA1wjftoFSMBfm7Vi4KUXUQW633GZ5tM9VMMrmg@mail.gmail.com> <CAKnbcLgNrmqWp4BUz=c2-Y5NQ3FqfPe3-RqRp_ocWxv+c+jWWA@mail.gmail.com> <20180916015154.GU48265@kduck.kaduk.org> <20180916173537.1fe0d18d@rovaniemi> <20180916154142.GZ48265@kduck.kaduk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20180916154142.GZ48265@kduck.kaduk.org>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrAIsWRmVeSWpSXmKPExsUixG6noitXPS/a4PVTSYtVzwMdGD2WLPnJ FMAYxWWTkpqTWZZapG+XwJXRtPARY0GrSMX7E5tYGhif8XcxcnJICJhInP36iqWLkYtDSGAx k8TnCxtYIZyjjBK31n1ihHBeMkm8mHOPCaSFRUBVou/rD0YQm01ARaKh+zIziC0iICjxdulb ti5GDg5hgVSJw6sqQcK8QBsO7boDNecak8TZ2duZIBKCEidnPmEBsZkFtCRu/HvJBNLLLCAt sfwfB0iYU8BU4u3yg+wgtqiAssTevkPsExj5ZyHpnoWkexZC9wJG5lWMsim5Vbq5iZk5xanJ usXJiXl5qUW6xnq5mSV6qSmlmxhBgccpybeDcVKD9yFGAQ5GJR7eiJC50UKsiWXFlbmHGCU5 mJREebd6zY4W4kvKT6nMSCzOiC8qzUktPsQowcGsJML78ducaCHelMTKqtSifJiUNAeLkjjv Wd3J0UIC6YklqdmpqQWpRTBZGQ4OJQlejqp50UKCRanpqRVpmTklCGkmDk6Q4TxAw1MqgWp4 iwsSc4sz0yHypxh1Of68nzqJWYglLz8vVUqc9x5IkQBIUUZpHtwcUMKQyN5f84pRHOgtYd5S kHU8wGQDN+kV0BImoCUZG0A+KC5JREhJNTCqLS65cpothu9JrfrxvP+bM4wvGN7cM+XvP4Ho Ve62OpqrK3n6QsySK/jr3WbMne1n+OyTufdy1ubGN6fXNsyoOT3/SmzL4q3PZ3tsW2z0zlJD ok7dU6Tqj+n7sl9NHKrzrvc3OIQdlIm9V9Sb3rJ5j5K/9eQtcZrdax9qSP2pZYq9nnqmaZMS S3FGoqEWc1FxIgD1zojH8wIAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/FEIEZnCuXuPimX2sVP3hPe1tqNA>
Subject: Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Sep 2018 15:47:45 -0000

On Sun, Sep 16, 2018 at 10:41:42AM -0500, Benjamin Kaduk wrote:
> On Sun, Sep 16, 2018 at 05:35:37PM +0200, Felix Fontein wrote:
> > Hi,
> > 
> > > > >    [...] Secondly, the entropy requirement
> > > > >    prevents ACME clients from implementing a "naive" validation
> > > > > server that automatically replies to challenges without
> > > > > participating in the creation of the initial authorization
> > > > > request.
> > > > >
> > > > > IMPORTANT: I'm not sure I see how this applies to the HTTP
> > > > > mechanism -- couldn't you write a script to reply
> > > > > to .well-known/acme-challenge/<foo> with <foo>.<key thumbprint>
> > > > > for a fixed key thumbprint?  The validation server would ned to
> > > > > know about the ACME account in question, but not about any
> > > > > individual authorization request.  
> > > > 
> > > > It would also need to know the <foo> value, which is not provided
> > > > in the validation request specifically to avoid this.  
> > > 
> > > As I said above, "[w]ell now I'm really confused."  In the example
> > > HTTP challenge exchange (duplicated here):
> > > 
> > > GET /.well-known/acme-challenge/LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0
> > > Host: example.org
> > > 
> > > HTTP/1.1 200 OK
> > > Content-Type: application/octet-stream
> > > 
> > > LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0.9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI
> > > 
> > > Doesn't the path in the GET include the <foo>?
> > 
> > Yes, and some people are already using this to add a generic
> > authorization replier (which needs the thumbprint of the account key).
> > For example, the acme.sh client supports this "stateless mode" (as it
> > is called there):
> > https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode
> 
> Okay, that matches up with my understanding and maybe un-confuses me.
> 
> But does this state of affairs nullify the text in the -14 about:
> 
>    [...] the entropy requirement
>    prevents ACME clients from implementing a "naive" validation server
>    that automatically replies to challenges without participating in the
>    creation of the initial authorization request.
> 
> ?

Also, if we wanted to prevent this sort of dumb script, it seems like we
could have the ACME server do a 
GET /.well-known/acme-challenge/<hash-of-token>
instead of
GET /.well-known/acme-challenge/<token>

and expect the un-hashed token in the response body.  (Witih obvious
questions about explicit hash agility vs. hardcoding a hash per challenge
type.)

-Ben

v2.23.0 | Report a Bug | By Email