IETF Logo Mail Archive

Re: [Acme] draft-misell-acme-onion

Corey Bonnell <Corey.Bonnell@digicert.com> Mon, 17 April 2023 12:20 UTC

Return-Path: <Corey.Bonnell@digicert.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DDF7C151530 for <acme@ietfa.amsl.com>; Mon, 17 Apr 2023 05:20:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=digicert.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Asyf-XKTMnfN for <acme@ietfa.amsl.com>; Mon, 17 Apr 2023 05:20:28 -0700 (PDT)
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on20700.outbound.protection.outlook.com [IPv6:2a01:111:f400:7eae::700]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C1BE1C14CF17 for <acme@ietf.org>; Mon, 17 Apr 2023 05:20:27 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SPH4NeG42FCr6hbBzUMQAyqAaOfnwY4+AH1ys9vTSE2vsAxnQfSneBCGqoVtzV1J+FDfhqMpgcS60qOT58NFTTOlzvlpncUUMw6v3gPwSG4zi6fEKXm2BUjhEmBZvHMVg10TOJmkC7NE8lWcrTasydkZF/s3GcLhEGD0kaDd9weNXeNMAoMIQoIkxuKtljXtfZb65ZZKd56UpIG6fdf7OYav+4JDn5UFd3gb//aAxeEv97jsJ1Y/sI/mWbC2S6zMdCkUIpSmKtGzQaUjLT4M3O/qSSfQ5sAN5Ab8pUF1M1kTr/qQ2bgtMEz/DMr8aTwHS21MxjAGJRModKzz+lvKCw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=TRzw/Nphqctbhrw3IqcYC+fCOsA6qGejcgz0qJmyZ+0=; b=MUJ6tOc6lbJfFMbRlKaSZuaIhEZ1mFPBujb3zoSvophunqUxieYEWGR42rHL00DaB5IGpHfThxszS5NnF1z8UChBgFzBoahSRPkmSTvPe7m4e50rcpDOTzgaf8nEIs0s59G2Ck804Euh2vYAfuLWJtr9HzHEXUVxwzlbw+5sjJPUei6fIKtgYPwXjBZ/1ouhjfWBiZHlc+XteUtYIltmXHxq+BUTUDNH8c5YpdrbMLFSirkSfHH5C827Cenj8aqgLxvE/FJUSLzbttrwaIKN+8eyVoz+K2putv1tk7CQt5zZH/yLbTLjthMiP0SQeaiM2MUg+cxRM87ea2grF7bYKA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=digicert.com; dmarc=pass action=none header.from=digicert.com; dkim=pass header.d=digicert.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=TRzw/Nphqctbhrw3IqcYC+fCOsA6qGejcgz0qJmyZ+0=; b=DFG2s26uBvfynt7QLVsTy7ouyTMoVUaL06T73XoPp/JdgTTvQQHjBikU61TWmh4pQB3aD2bZfo64nQ0bnrerWAx9jTL00pwxthDRraPK4DixLW1VAw6OMBKdZszh9dLl0bFNyv9e2+KhQXtYPZMFHj+xrI8H40swue3vyNACLLUqHi8XPERPd9i2W3L4CNctoHy1IG26ju954p1PdgElUsWtJDZ7sK1rOmO0wXnLmNS5s2h8c7lGW9pfTjCyQ2BTa6a4AdM4QrMNEs8co0pjb0gmDCy85rEd8W61OcN9btENgP0pcs3DRz9LyEY32kjtrgeVWDjxeCloTx5ZmSyZ6A==
Received: from DM6PR14MB2186.namprd14.prod.outlook.com (2603:10b6:5:b6::16) by SJ0PR14MB4249.namprd14.prod.outlook.com (2603:10b6:a03:2e5::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6298.45; Mon, 17 Apr 2023 12:20:22 +0000
Received: from DM6PR14MB2186.namprd14.prod.outlook.com ([fe80::e157:829:f7f0:aa45]) by DM6PR14MB2186.namprd14.prod.outlook.com ([fe80::e157:829:f7f0:aa45%5]) with mapi id 15.20.6298.045; Mon, 17 Apr 2023 12:20:21 +0000
From: Corey Bonnell <Corey.Bonnell@digicert.com>
To: Q Misell <q=40as207960.net@dmarc.ietf.org>, Seo Suchan <tjtncks@gmail.com>
CC: "acme@ietf.org" <acme@ietf.org>
Thread-Topic: [Acme] draft-misell-acme-onion
Thread-Index: AQHZb7aqRFHgauZMq0yjGFXf275NPK8tO1eAgADd5ACAAFaLgIAA8GqAgAAHRuA=
Date: Mon, 17 Apr 2023 12:20:21 +0000
Message-ID: <DM6PR14MB2186F6A5678594C15D5A7A19929C9@DM6PR14MB2186.namprd14.prod.outlook.com>
References: <CAMEWqGuuRsYF-EoFs44DSZ0X0z5iOuKa8iMC38Yuh24F0fWYXQ@mail.gmail.com> <214b80c1-b234-07ae-e33c-bda3d6c1f542@gmail.com> <CAMEWqGuTDGyEQ+ZsiMqo5q9XiYHLr4Uxrp0gUOi3vRFFPV6dKg@mail.gmail.com> <0b2bf652-2e47-b3a0-dade-52ec0257de96@gmail.com> <CAMEWqGvqM8zxw0x739-ZcOn55niJJT9gdv7w9RNwRYoYK78uzg@mail.gmail.com>
In-Reply-To: <CAMEWqGvqM8zxw0x739-ZcOn55niJJT9gdv7w9RNwRYoYK78uzg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=digicert.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM6PR14MB2186:EE_|SJ0PR14MB4249:EE_
x-ms-office365-filtering-correlation-id: fb4a6c8b-d9ee-451b-fcfb-08db3f3e1d5f
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 2pkHuKRoVvgfJBdXOAqvIEHQQt1dbygtyH/+gn70DveLSu5Ctv/t+qXiJ7z7M9jyks1aFnEfGXsVgR1tZVX+JXV1iQPz5qqNHZREzYiBk5gr/brErQMyUbJmtkUGdLxHOFcpXcwMSwvDGOSMNKW0hNOtNWu16kvy1g0ezpTGSb4pFM0oHTWVXcSUVlbDLv7Tj9gfZDxfJbmRPXS5Tuml7owb2oF10oCGZmBayrxBMLkEnuhTy02kKAlfWQ4nRPxU6qc/TIurLZEZKuVsBD/oinAa7RPBM3eUyomZDo00jrYNQnNmuryxSMBHQq1P9LZIwXZ8Z5hmFb2nIdmZ21NNJA6qtijUnm/ta2yamXK0pdGcaqHxbUGbLTVVmoczQl4uPyYIwLjuyBTOTkgrRZheDPJRkwZdWvuyAZk25DWbmXgbN/1Wua2cJVA92KuHtir2KqJitrXQru+8gJ8JxMb0FUtwhAdRSmM2oRzyeRi1juOwUOFl929UBrAoRrnX5YGZafjoIDy5yqpeVdK67bBIGO2FEJa8qNlf6Y5tDPICbGg6jK+HW2amTlmU1nFMt1k3WUkHdIBRX0jkJw94Kf5zF4P8/aPygpVM660DoExEtvM=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR14MB2186.namprd14.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230028)(4636009)(376002)(396003)(136003)(366004)(39850400004)(346002)(451199021)(7696005)(966005)(86362001)(478600001)(110136005)(55016003)(71200400001)(83380400001)(26005)(33656002)(6506007)(186003)(53546011)(9686003)(166002)(38100700002)(38070700005)(122000001)(99936003)(64756008)(76116006)(66446008)(66946007)(66476007)(66556008)(316002)(2906002)(4326008)(8936002)(8676002)(5660300002)(52536014)(41300700001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: JRd3Yk83upn8lsFN79WBfpo7Lf/9szhQFMdT/MpQpAJIThucKGAySncxfauOqNpQt3Hmnl/wyKBgPNyxNIMRUYB9OUFxRvvslJKcOCnYWWBjoZ+QU66UOV2TCY1AC/7x1txNbmS5dB8J67mdW6rR8cdRw+1427A7rF1U1iIp47OdPN0CesmvyaGzdfGWWq+sDm7zQCo+3S9jM2l/4AclQ/2HkYdrNegz50Fg8LlzvRSFhp32qC2CJ5NVUIxyWaeONdd0MPAWtGHcvqWTM5qpuLfp8+sKUfMOxagXzw0p4SxO34CxrwANXNVrlRxi9hfMplgIpaD6tJq38KU5QuHeLbGNDYSv5qyUKlyE45frcr+rpwcDDvyPbHBtFWxhio/cI6GFj7pk7k7RHwln+LDloyFJOIQz10sov4kkAszEGp+RtSRS1gjInTCHJonLLlljp3uhDWb+h9JGczQWsvwYQaVvVTaMRW0HBmznGSILLUTFdIi2yINk2rmAs1sIGTGOlAC2ThGrF4cxGe3ps9HvYGwLI2BrMKgE2J0dVQG3MMScAdy9d5CW7x9WVQ5LU3zvB4z0LiwRj+UyodOD8BPQBK6o+qNBjw+xdoUPvap4NHxBx27GJtxQKjfZv+dWseq05BDzYEmluIQwMXOAXFIr7f4w0hPVQUw+OVbb+xBz2CnZTfc9KI6bdo45Y8YgGUwAnm9NaQSbxpU9DUipqwFiSA5REJArcapLJXXSVwUwpFwLVMQOMKNtAOj0BviRL2gULlOWEZJrZp1Eq2+4MzHW8SHEkAcMIrVFCufao2UOpPv3ydskmmHWkg1Pe0q4v+fjaOavLJbXZICoXN6pW3P0dD6CPsFZGjwyEaERViGrke4PjAoGUNRdm22vakTwAdBtiNPzPzE2DzajsWsFJaeCgZDz7rYVg3/AFM/okLm+HyZznbIuXr4/dc+JmMRWr23nrxJngC9ywf76zijTIA1I8MerCfi0zrxoQoR7XCMYHLNOcdVQSo1TunbjOVi33KInF0kpvixTCe2Wsm22FWs5U6WvOOHZWebkQFyHS7UNf6w2pq9O1QUV5x9bx/wzTDPS/9stdRU1y6opaJRSo9Ogjxiu+Lu9XVH4h91ugn7PQIG1Krq8uD/muEjlKNy6khLkkc87Tk7dYf908s9fyBAYCYvgUJIgc/xKuIUSiNTEkvpU8GijXasjSpSEDKgYB40izKvA5JEWTbx3oQ3Ars+9qhnK9Y8fvWQ/PLpeij4c54E3UZ040lKlwb1WdsW4xGGiAMjJk1OvahRNFj9krGOg4hLF28u04vVJHLQj6PZZwpGFBHjG7oVphQjWflZPdIw8qTFwetuvo5+pftkfiSYovYBgz6xbNovxw3LGiAzjeXHCuXJL5bdAto3yiMCxJ+F8XLIN8lZGJObOo8yLHTuBR/ok5szKel3J8YK/a03AqThgTiaWH6kcqYXk07MAbLXs4RA4odfHxO1CT3gRcFk3uMvTPiHHrENcZse5k903duw1N205y8KKJBKw167q+amahD8vpWuKPVsdOlcnzKqcDdxQR/sdtkSSbfoaYZ//ZX7Dyvtg714hIthZ0Og9I1r6
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="2.16.840.1.101.3.4.2.1"; boundary="----=_NextPart_000_01DD_01D97105.73527820"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR14MB2186.namprd14.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: fb4a6c8b-d9ee-451b-fcfb-08db3f3e1d5f
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Apr 2023 12:20:21.6288 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: xtZQxZ7sKw1ByU2rW12l5tJ+zjyJ1vJz6QngaDKg3irdpSC4bFG1rP47r2BSzyQI64rFG0XnJb9ACjaQ9AREL8h69G6P9NgsS36J9CyAyXU=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ0PR14MB4249
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/HBql9jrkz_15Z9V7OeD5I-XCGII>
Subject: Re: [Acme] draft-misell-acme-onion
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Apr 2023 12:20:32 -0000

*	Might I suggest then two CSRs, one signed with the onion key to be submitted as a challenge response, and one submitted to finalize the order.

 

I agree that this is the right approach. While the WebPKI does not mandate that CAs verify that the applicant actually controls the associated private key in the request, other PKIs may want to enforce this. One vehicle for doing so is the CSR signature (preferably with a freshness token/challenge password included). We (DigiCert) expect that the applicant will provide us two CSRs, and the language in section 3.2.1 of HARICA’s CPS indicates that they do the same.

 

For CAA, section 5.1 of the draft details why CAA tree-climbing is not necessary, but I don’t see any information regarding checking the CAA RRSet at the “onion” TLD itself. I don’t believe that doing such a check is technically feasible, but I think it would be good to clarify this, as checking the TLD is mandated by the CAA spec.

 

Thanks,

Corey

 

From: Acme <acme-bounces@ietf.org> On Behalf Of Q Misell
Sent: Monday, April 17, 2023 7:29 AM
To: Seo Suchan <tjtncks@gmail.com>
Cc: acme@ietf.org
Subject: Re: [Acme] draft-misell-acme-onion

 

Point taken, I think you're right. 

 

Might I suggest then two CSRs, one signed with the onion key to be submitted as a challenge response, and one submitted to finalize the order.

 

On Sun, 16 Apr 2023 at 22:08, Seo Suchan <tjtncks@gmail.com <mailto:tjtncks@gmail.com> > wrote:

I think this section implies CSR has to be signed by what subjectPublickeyinfo be used for verify it:

rfc2986 section 3 note  2.

   Note 2 - The signature on the certification request prevents an
   entity from requesting a certificate with another party's public key.
   Such an attack would give the entity the minor ability to pretend to
   be the originator of any message signed by the other party.  This
   attack is significant only if the entity does not know the message
   being signed and the signed part of the message does not identify the
   signer.  The entity would still not be able to decrypt messages
   intended for the other party, of course.
 
subject public key and subject entity's private key not being matching pair feels stretching the rule as written.
and even if csr is allowed I don't think merging finalization and challenge verify is a good idea here:
1. Pre-authorization (rfc8555 7.4.1) makes challenge may not have parent order.
2. a order capable of finalize in pending state makes ready state check useless, in boulder that's only place actually checks for order's validity before calling CA to sign the certificate
3. most acme CA moved to async order finalization, so it will move to processing if it wants or not.

2023-04-17 오전 12:58에 Q Misell 이(가) 쓴 글:

Hi, 

 

Thanks for the comments. I'll fix the typos.

 

With regard to running a Tor client or not I don't think it is too much of a ask from CAs to run a Tor client (it needn't even be that feature complete to simply fetch a HS descriptor), for the added benefit of CAA enforcement.

 

Regarding your comment about CSRs I think you've misunderstood how the CSR is used. RFC2986 section 3 states that the CertificationRequestInfo contains the public key to be included in the final certificate (subjectPKInfo), whilst the entire CertificationRequest can be signed with a different key entirely, and this is what the CA/BF rules permit, and indeed what they were designed to achieve and how HARICA implements this.

 

Thanks,

Q 

 

On Sun, 16 Apr 2023 at 03:44, Seo Suchan <tjtncks@gmail.com <mailto:tjtncks@gmail.com> > wrote:

5.2 has few typos CAA when it should mean CA: (CAA can't read any descriptor, it's a text)

For running CAA in general, I think appendix B of CA/B BR method b made in a way that CA doesn't have to run Tor client at all. And it actually allows signing a cert for not yet hosted onion domain, given they control right private key to induce that domain name. In that case making CA required to run Tor client to read CAA conflicts this goal.

And challenge 3.2, it doesn't work for public CA:  in acme context, CSR's pubkey sent in finalization is what CA will sign, but for challange perspective key there need to be ed25519 key (because it's onion v3 private key,) but CA/B does not allow signing ed25519 key in TLS certificate, you can't reuse CSR for both purpose.

 

2023-04-16 오전 1:22에 Q Misell 이(가) 쓴 글:

Hi all,

 

Hope you've all recovered from IETF116, it was lovely seeing you all there. Thanks to those who already gave me feedback on my draft.

 

As promised in my brief presentation at the WG meeting, here's my post introducing my draft draft <https://datatracker.ietf.org/doc/draft-misell-acme-onion/> -misell-acme-onion <https://datatracker.ietf.org/doc/draft-misell-acme-onion/>  to ease issuance of certificates to Tor hidden services.

 

DigiCert and HARICA already issue X.509 certificates to Tor hidden services but there is no automation whatsoever on this. From my discussions with the Tor community this is something that bothers them so I've taken to writing this draft to hopefully address that.

 

The draft defines three ways of validation:

- http-01 over Tor

- tls-alpn-01 over Tor

- A new method onion-csr-01, where the CSR is signed by the key of the onion service

 

An explicit non goal is to define validation methods not already approved by the CA/BF, however if someone can make a compelling argument for an entirely novel method I wouldn't be entirely opposed to it.

 

Looking forward to your feedback, and some indication that this would be worth adopting as a WG draft.

 

Thanks,

Q Misell

 

_______________________________________________
Acme mailing list
Acme@ietf.org <mailto:Acme@ietf.org> 
https://www.ietf.org/mailman/listinfo/acme

_______________________________________________
Acme mailing list
Acme@ietf.org <mailto:Acme@ietf.org> 
https://www.ietf.org/mailman/listinfo/acme

v2.23.0 | Report a Bug | By Email