IETF Logo Mail Archive

Re: [Acme] Warren Kumari's Discuss on draft-ietf-acme-ip-07: (with DISCUSS and COMMENT)

Warren Kumari <warren@kumari.net> Tue, 01 October 2019 18:28 UTC

Return-Path: <warren@kumari.net>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F938120018 for <acme@ietfa.amsl.com>; Tue, 1 Oct 2019 11:28:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.657
X-Spam-Level:
X-Spam-Status: No, score=-0.657 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NORMAL_HTTP_TO_IP=0.001, NUMERIC_HTTP_ADDR=1.242, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari-net.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I7d-hkykw3JG for <acme@ietfa.amsl.com>; Tue, 1 Oct 2019 11:28:19 -0700 (PDT)
Received: from mail-qt1-x82b.google.com (mail-qt1-x82b.google.com [IPv6:2607:f8b0:4864:20::82b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6B13B12004D for <acme@ietf.org>; Tue, 1 Oct 2019 11:28:19 -0700 (PDT)
Received: by mail-qt1-x82b.google.com with SMTP id 3so22906249qta.1 for <acme@ietf.org>; Tue, 01 Oct 2019 11:28:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=nRoKJZzyKBb8OfDmdvJoCjIIKin2J//Ps1vYPwFW2fs=; b=p9WeVZaSIsHxsnChy1ist6ywHhqviT+H+ajMptnp7leYJzQtOaZO8vZuZ07kcRuptb NtgpW0wrZ/c3RVPXoM+VGbq66ADp3zdu45S0Mg1XEXRZEkTv+GzZBUOUjkgEn6JVCKXb D0aNviv9kZkwlG2uxAfFbEu8NVGWmFqyr9b8RaXB3xfNv41XLZEALrwHlVRjb+xckW8K pRa2e7Yf3qPMtiZoz4TKbdOopjIGX8GK46BNgwG1iMSxVfccQb5E+/ndf7PJteU1h/AO okUwFJsgvbDOAksTP8JZSuqBQThzmgima0uvj8NeihNinkItU/aWSflfSX6KiOh0Vqzv 9WUw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=nRoKJZzyKBb8OfDmdvJoCjIIKin2J//Ps1vYPwFW2fs=; b=PJkKixWDiMz25Ln7LNEEPXvNTgw8Qj9EiecfIY2WpMKjK/WXwiPSdp7HUEbKl0ixrb U4weuPmWeMKlN1Qdplo1bS6h7zC19NIkSxkr207V//xN38M/lys7+9i5hVk/c1nC7RIO T76nNOfBa+9gShw/mNIP9d9GKHZrLjXTp79lukHXAOgb8qA8hAC0B4dDyCN9gzURQxw9 1uVIbi9NjsXBFxCsouI95RY7vrayBqyC1fULzwC2ga24ZOuuW/iaQIReBNjOWlViSvdL Yw3OGY4Is7fo2eL2ztZcG3IW0b6KQC3fsRfyHwON6F8JG7twToysg4zbltitivsgBMOW 1Ymw==
X-Gm-Message-State: APjAAAWByJN/w5hs95XspKcyqX2bvidDQ5/UN9YVz2UrxQhDV4uEn2Am CtRi1FskvCXTO7465XZG3et0LMpmg7efhN5EfskxqQ==
X-Google-Smtp-Source: APXvYqz43wbVWKLpk4YcSyPg78a3eQ0OA1pMEoqmYyKX7Y8zlWv4XRpioqjDbahVU5F6uM4SrAW7RAJ7NJaLez3u3ZE=
X-Received: by 2002:ac8:305d:: with SMTP id g29mr4466855qte.279.1569954497541; Tue, 01 Oct 2019 11:28:17 -0700 (PDT)
MIME-Version: 1.0
References: <156994353133.23716.18054738012405816713.idtracker@ietfa.amsl.com> <797CB1A6-2C78-4BF7-A12E-B3B2DE910E9F@letsencrypt.org>
In-Reply-To: <797CB1A6-2C78-4BF7-A12E-B3B2DE910E9F@letsencrypt.org>
From: Warren Kumari <warren@kumari.net>
Date: Tue, 01 Oct 2019 14:27:40 -0400
Message-ID: <CAHw9_iLqSqLbmnKQsRuyfos4CFWrw4APovMKGXHLjMXPuXQsGQ@mail.gmail.com>
To: Roland Shoemaker <roland@letsencrypt.org>
Cc: The IESG <iesg@ietf.org>, draft-ietf-acme-ip@ietf.org, Daniel McCarney <cpu@letsencrypt.org>, acme-chairs@ietf.org, acme@ietf.org, Joel Jaeggli <joelja@bogus.com>, Tim Chown <tim.chown@jisc.ac.uk>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/HD9WMCxmBrBXO8MAawfmMN3JLJ4>
Subject: Re: [Acme] Warren Kumari's Discuss on draft-ietf-acme-ip-07: (with DISCUSS and COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 18:28:23 -0000

On Tue, Oct 1, 2019 at 1:10 PM Roland Shoemaker <roland@letsencrypt.org> wrote:
>
> Hey Warren,
>
> Thanks for the review of this document. Overall I don’t find the suggested scenario particularly compelling in terms of indicating any security problems with the suggested document. The threat model defined in 8555 indicates that ACME is not able to mitigate scenarios where an attacker is able to demonstrate control of the validation target (whether this is via ARP poisoning on a local network in the suggest scenario or via DNS hijacking on the wider internet). Beyond that I don’t think this suggested scenario is that realistic. A public CA is unable to issue for internal private IP addresses, if the POS was using a certificate from an internal CA the attack might be viable, but only if that internal CA implemented ACME and allowed arbitrary user registrations which would be policy choices outside of the scope of this document.

I used 192.0.2.10 instead of something in the RFC1918 range to imply
that it was a publicly routed address, but I realize didn't actually
state that.

>
> The second scenario you suggest is also something covered by 8555, if the attacker is able to fully control the network, then they can control ACME. This is not just the case for IP validation, if an attacker is able to hijack BGP routes then they are able to complete validation for both IP and DNS identifiers (there is currently a handful of both academic and industry work happening to try and mitigate these issues) and is also not just the case for ACME, any CA that does network based control validation, automated or not, is susceptible to these kinds of attacks.

Yup, I've read 8555, but somehow it feels much more scary to have this
happen for IP addresses than for DNS names -- some of this might just
be me being triggered by expectations that addressed get reused (e.g
DHCP), and that e.g someone on the IETF meeting network could iterate
over all addresses, getting certificates for all of the space...

This still *feels* dangerous to me...

W

>
> Hope that helps clarify my thinking on the topic.
> Roland
>
> > On Oct 1, 2019, at 8:25 AM, Warren Kumari via Datatracker <noreply@ietf.org> wrote:
> >
> > Warren Kumari has entered the following ballot position for
> > draft-ietf-acme-ip-07: Discuss
> >
> > When responding, please keep the subject line intact and reply to all
> > email addresses included in the To and CC lines. (Feel free to cut this
> > introductory paragraph, however.)
> >
> >
> > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> > for more information about IESG DISCUSS and COMMENT positions.
> >
> >
> > The document, along with other ballot positions, can be found here:
> > https://datatracker.ietf.org/doc/draft-ietf-acme-ip/
> >
> >
> >
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > This is either a huge issue, or a complete non-event -- I'm not sure which -
> > please help me understand / convince me I'm missing something.
> >
> > Contrived, but simple example scenario: My local coffeeshop runs their Point of
> > Sale (POS) system on 192.0.2.10. They have a certificate for this (e.g from
> > LE), and all of their credit card machines contact the POS system using
> > https://192.0.2.10. I now visit the coffee shop, and using e.g ARP spoofing
> > grab 192.0.2.10. I then use ACME to request and get a cert for 192.0.2.10. I
> > now fire up a webserver, the credit card machines happily connect to me, I
> > present a valid cert, and they send me those sweet, sweet credit card numbers.
> >
> > I get that this isn't really an issue with ACME itself, but rather A: the
> > existence of IP based certificates, and B: the fact that the ability to
> > "control" an IP is  more easily under an attackers control than the ability to
> > "control" a useful domain name. As another exmaple, I could construct scenarios
> > where I use BGP route hijacking to control an address remotely, without having
> > to visit the victim network.
> >
> > The Security Considerations section *does* say:
> > "The CA may wish to perform additional checks not
> >   specified in this document.  For example if the CA believes an IP
> >   identifier belongs to a ISP or cloud service provider with short
> >   delegation periods they may wish to impose additional restrictions on
> >   certificates requested for that identifier."
> >
> > Again, I understand that ACME is "just" the protocol / means to automate this,
> > but it seems that this is a sufficiently dangerous thing to be doing that
> > having it more automated is a bad idea. Please don't misunderstand, I really
> > like ACME - it's made my life much better, but its power / convenience might be
> > dangerous here.
> >
> >
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > Thank you - this document is clear, understandable and readable.
> > Also, thank you to Joel and Tim for their OpsDir reviews.
> >
> >
>


-- 
I don't think the execution is relevant when it was obviously a bad
idea in the first place.
This is like putting rabid weasels in your pants, and later expressing
regret at having chosen those particular rabid weasels and that pair
of pants.
   ---maf

v2.23.0 | Report a Bug | By Email