Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-caa-07: (with DISCUSS and COMMENT)
Benjamin Kaduk <kaduk@mit.edu> Fri, 14 June 2019 00:11 UTC
Return-Path: <kaduk@mit.edu>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BCE1E120105; Thu, 13 Jun 2019 17:11:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8zX4ZSlCFRo0; Thu, 13 Jun 2019 17:11:17 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 178A212004B; Thu, 13 Jun 2019 17:11:16 -0700 (PDT)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x5E0B6rr020990 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 13 Jun 2019 20:11:09 -0400
Date: Thu, 13 Jun 2019 19:11:06 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Hugo Landau <hlandau@devever.net>
Cc: The IESG <iesg@ietf.org>, draft-ietf-acme-caa@ietf.org, Daniel McCarney <cpu@letsencrypt.org>, acme-chairs@ietf.org, acme@ietf.org
Message-ID: <20190614001105.GN52381@kduck.mit.edu>
References: <155899962263.692.16282630101807703064.idtracker@ietfa.amsl.com> <20190606065232.GA14091@axminster>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20190606065232.GA14091@axminster>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/H0Ala3iY0wRSfYh8OIIU9UW2eUU>
Subject: Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-caa-07: (with DISCUSS and COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Jun 2019 00:11:20 -0000
On Thu, Jun 06, 2019 at 07:52:33AM +0100, Hugo Landau wrote: > Sorry, I somehow missed this one. > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > I think we need to have some privacy considerations text about how this > > mechanism exposes ACME account URLs, which are otherwise intended to be > > unguessable, in the public DNS view. While ACME is generally intended > > to remain secure in the face of such information disclosure, it does > > have potential to enable some forms of correlation attacks, and could > > lead to DoS attempts specific to a given account or accounts. > I agree. How's this? > > > Revelation of Account URIs > -------------------------- > > Because CAA records are publically accessible, use of the > "accounturi" parameter enables third parties to observe the > authorized account URIs for a domain. This may allow third parties > to identify a correlation between domains if those domains use the > same account URIs. This sounds good. > CAs MUST select and process account URIs under the assumption that > untrusted third parties may learn of them. As Tim notes, this isn't really an actionable MUST, so we probably should just go with "are encouraged to". > > > ---------------------------------------------------------------------- > > COMMENT: > > ---------------------------------------------------------------------- > > > > I support Barry's Discusses (noting in particular that the "ca-" prefix is > > not reserved for local use by RFC 8555). > > > > Did we consider supplying ABNF descriptions of the parameter values? In > > particular, this would unambiguously specify whether optional whitespace > > is admitted in the comma-separated list used by "validationmethods". > I don't believe this was considered, but it seems like an improvement. > How's this? > > The value of the "validationmethods" parameter MUST comply with the > following ABNF {{RFC5234}}: > > value = [*(label ",") label] > label = 1*(ALPHA / DIGIT / "-") That looks okay to my eye, but let's see if we can get an ART AD to look at it, as well -- I'm only an amateur at ABNF. > > The shepherd writeup notes that there used to be hyphens in > > "account-uri" and "accepted-challenges". It seems that rfc6844bis has > > expanded the grammar to allow such hyphens; do we want to revisit their > > removal from this document? Noting that rfc6844bis is also slated for > > approval on this week's telechat, it may be worth updating the > > references as well, regardless of the decision on hyphens. > I agree we should change this to rfc6844bis, done. > > I'm neutral on reintroducing hyphens. I don't think it's worth doing, > since there is now an implementation out there: > > <https://community.letsencrypt.org/t/acme-caa-validationmethods-support/63125> Sure. There's not really a compelling reason to reintroduce them, strange mispronounciations of "accounturi" aside :) > > Section 3 > > > > The presence of this parameter constrains the property to which it is > > attached. Where a CAA property has an "accounturi" parameter, a CA > > MUST only consider that property to authorize issuance in the context > > of a given certificate issuance request if the CA recognises the URI > > specified as identifying the account making that request. > > > > nit: perhaps "URI specified in the value portion of the accounturi > > parameter" for maximum clarity? > > Changed to: > The presence of this parameter constrains the property to which it > is attached. Where a CAA property has an "accounturi" parameter, a > CA MUST only consider that property to authorize issuance in the > context of a given certificate issuance request if the CA recognises > the URI specified in the value portion of that parameter as > identifying the account making that request. Thanks! > > > > Section 4 > > > > The presence of this parameter constrains the property to which it is > > attached. A CA MUST only consider a property with the > > "validationmethods" parameter to authorize issuance where the name of > > the challenge method being used is one of the names listed in the > > comma-separated list. > > > > nit: I'm not sure that we've really defined "challenge method" in the > > sense it's used here. (We do define it in the sense of "names listed in > > the comma-separated list", but it seems like this usage is trying to > > refer to the actual actions taken by the CA to authorize the issuance > > request. > s/challenge/validation/ -- consistency. > s/name/label/ -- consistency with the ACME Validation Methods IANA > registry. > > Revised this a little to make things more watertight. > The text of this section is now: > > A CAA parameter "validationmethods" is also defined for the "issue" > and "issuewild" properties. The value of this parameter, if > specified, MUST be a comma-separated string of validation method > labels. > > A validation method label identifies a validation method. A > validation method is a particular way in which a CA can validate > control over a domain. > > The presence of this parameter constrains the property to which it > is attached. A CA MUST only consider a property with the > "validationmethods" parameter to authorize issuance where the > validation method being used is identified by one of the validation > method labels listed in the comma-separated list. > > Each validation method label MUST be either the label of a method > defined in the ACME Validation Methods IANA registry, or a > CA-specific non-ACME validation method label as defined below. > > Where a CA supports both the "validationmethods" parameter and one > or more non-ACME validation methods, it MUST assign labels to those > methods. If appropriate non-ACME labels are not present in the ACME > Validation Methods IANA registry, the CA MUST use labels beginning > with the string "ca-", which are defined to have CA-specific > meaning. > > The value of the "validationmethods" parameter MUST comply with the > following ABNF {{RFC5234}}: > > value = [*(label ",") label] > label = 1*(ALPHA / DIGIT / "-") > > > > > Section 5.2 > > > > I think this section may be predicated on an understanding of CAA > > "issue"/"issuewild" parameters that does not match my own. (Note that > > this includes the possibility that my understanding is incorrect.) > > Specifically, my reading of draft-ietf-lamps-rfc6844bis-06 Section 4.2 > > indicates that a given paramter is only defined for usage in a CAA > > "issue" record at the explicit specification of the Issuer, and that the > > Issuer alone determines their semantics. So when this text says that > > parameters are not an effective control absent out-of-band establishment > > of support, that's either a non sequitur or a tautology -- nobody has > > any business adding parameters to an Issuer's CAA entry unless that > > Issuer has told them to do so, full stop. > > Granted, we are complicating things by providing a preestablished > > specification for a set of parameters that an Issuer may choose to > > incorporate by reference, but I don't see that as changing the fact that > > the parameters are still specific to the given Issuer (and their CAA > > entry). > > Similarly, "MUST NOT assume" and "SHOULD also document" are repeating > > requirements from rfc6844bis, when starting from my frame of reference > > (and thus would not need to use the normative capitalization). > I agree with your interpretation, and this interpretation is in fact > explicitly stated in the IANA considerations section — but I don't think > how this is worded currently is a problem. This is a non-blocking comment, so it's entirely your call. If you wanted a concrete suggestion from me, I'd probably consider a minimal change like adding a new sentence at the start and tweaking the transition: "CAA records are inherently an indicator of an agreement between a domain owner and one or more CAs, so inserting CAA records into the DNS without cooperation from a CA is not expected to have any effect. Accordingly, the CAA parameters specified in this section rely on [...]". But I just wrote that on the fly and will not be surpirsed if it is unsatisfactory :) > I mean, it's the security considerations section — it's not just there > to add more normative requirements, but to point out ways you could > shoot yourself in the foot. We need to spell it out for people. Indeed. > > Section 5.7 > > > > This seems perhaps more appropriate in the core CAA specification than > > in this document. Conveniently, rfc6844bis is open and in IESG > > evaluation... > I've changed to rfc6844bis, but I don't think it's worth removing this. > It was added on request, and applying more security properties to CAA is > a good opportunity to remind people of this subtlety. Works for me. Thanks for the updates! -Ben
- [Acme] Benjamin Kaduk's Discuss on draft-ietf-acm… Benjamin Kaduk via Datatracker
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Hugo Landau
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Tim Hollebeek
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Hugo Landau