IETF Logo Mail Archive

Re: [Acme] Call for adoption of draft-aaron-acme-ari-02

Peter Thomassen <peter@desec.io> Wed, 29 June 2022 17:25 UTC

Return-Path: <peter@desec.io>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CCE3FC14F72A; Wed, 29 Jun 2022 10:25:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.782
X-Spam-Level:
X-Spam-Status: No, score=-3.782 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-1.876, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=a4a.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UQq-M9ui9N_W; Wed, 29 Jun 2022 10:25:01 -0700 (PDT)
Received: from mail.a4a.de (mail.a4a.de [IPv6:2a01:4f8:10a:1d5c:8000::8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ACFBAC14F733; Wed, 29 Jun 2022 10:24:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=a4a.de; s=20170825; h=Content-Transfer-Encoding:Content-Type:In-Reply-To:Subject:From :References:Cc:To:MIME-Version:Date:Message-ID:Sender:Reply-To:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=n62/8YL3pRUht1R9nJ0dKyVEmwuQOcM6lj6gw5sRfPc=; b=bJYL4L/Q9Tee+NyLO6Z/gLIqFl ygQxV/QJrzGSTiFaqF3dzQFVpXfLsbtMS+wwu+0YICbfO9uweelDOqRhwtmrAnQG0YVVtQoLJi/rU brwhZKSyWZnXXQB9wcuIikVAJb0FKBJZRdEK7fLN8jYWxRCtIzElQ4R5YxP7O1FuRmeb8OLAK8zfy 6F18lAMqVrZEG/YmlUppOWDmXZZl5Aqxdwl6MdOHEnRF9e3+KwGD3vIAg6AF+n+FL/nB1EYY+mQVX gzRDe42XdI8RmaLcpeYfi+8B2YMiynliHWcxZaIEB6QnoLsz9mtrUx7rMTeLxh5F6E1wj3ohWKD1l 5EdNPqZQ==;
Received: from [2a00:20:604f:8c1c:94b0:407d:667f:8c9] by mail.a4a.de with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <peter@desec.io>) id 1o6bQq-0005oe-Lk; Wed, 29 Jun 2022 19:24:53 +0200
Message-ID: <58fb7fd0-7cb7-2d90-a333-391c1d001253@desec.io>
Date: Wed, 29 Jun 2022 19:24:51 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.1
Content-Language: en-US
To: Aaron Gable <aaron=40letsencrypt.org@dmarc.ietf.org>
Cc: Deb Cooley <debcooley1@gmail.com>, IETF ACME <acme@ietf.org>, Dorothy E Cooley <decoole@radium.ncsc.mil>
References: <CAGgd1OevCu61rbCAOv1fcB-eFoRD6CMKnj=5Qy6XVqQroakR0g@mail.gmail.com> <59df1980-2a2a-2e49-09fa-91c1fbef4563@desec.io> <CAEmnEreNCz1t-qMS3aa0n0nFwMzi4UfDsyJdGkApWdkzD=PYbQ@mail.gmail.com>
From: Peter Thomassen <peter@desec.io>
In-Reply-To: <CAEmnEreNCz1t-qMS3aa0n0nFwMzi4UfDsyJdGkApWdkzD=PYbQ@mail.gmail.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/Hs2zvD4nrUmjf2dCNcs8f9ex-MU>
Subject: Re: [Acme] Call for adoption of draft-aaron-acme-ari-02
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Jun 2022 17:25:05 -0000

Hi Aaron,

On 6/18/22 01:48, Aaron Gable wrote:
> You can find prior discussion in these threads:
> - https://mailarchive.ietf.org/arch/msg/acme/b-RddSX8TdGYvO3f9c7Lzg6I2I4/ <https://mailarchive.ietf.org/arch/msg/acme/b-RddSX8TdGYvO3f9c7Lzg6I2I4/>, the very original proposal, which discusses are variety of motivations and alternate implementations
> - https://mailarchive.ietf.org/arch/msg/acme/UMRzzS6yh-D6ViwjYt0fgx213qY/ <https://mailarchive.ietf.org/arch/msg/acme/UMRzzS6yh-D6ViwjYt0fgx213qY/>, my revival of the idea, which addresses some of the concerns in the original thread

Thank you for these pointers.

> It's not my experience that RFCs in this space dedicate significant space in their text to discussing alternative designs, but if others would like to see a section like that added to the draft I'm happy to oblige.

I don't think much argument is needed, but I think it would be helpful to add at least one compelling use case to the introduction that hints at the insufficiency of the obvious alternatives that would come to mind (that is, client-side jittering). Perhaps like this (drop-in for the last paragraph):

    Being able to indicate to the client a period in which the issuing CA
    suggests renewal would allow proactive smearing of load (as client-side
    jittering would), but also enable dynamic changes to the certificate
    validity period, such as in the event of mass-revocation of a large
    number of certificates, and help restore normality after such an event
    by having clients quickly redistribute from the sudden renewal spike to
    a moreuniform renewal schedule.

    This document specifies a mechanism by which ACME servers may provide
    suggestedrenewal windows to ACME clients.

> Yes, of course clients could simply implement smearing on their own. But they have little motivation to do so -- there's no standard documenting how they should do so, and it's statistically rare that any one out of hundreds of millions of clients is the one affected by a given load spike. They can just retry and be fine. Having a standard for this provides a template or framework to encourage clients to all implement this in the same way.

I'm afraid there will be little motivation for updating legacy clients, regardless of whether the update would bring client-side ARI support (as documented by a standard) or client-side smearing (which could also be standardized).

It's the typical upgrade-with-backwards-compatibility problem: Unless ACME servers would REQUIRE clients to support ARI (which would be a breaking change), clients might not upgrade. If they do, chances are that they have a proper update process, in which case they'd receive any update, regardless of which solution is standardized.

So, regarding client-side deployability, I think that ARI has no advantage over client-side smearing.

> Suppose that a CA revokes and replaces 100M certificates in a single day. Suppose further that, as you suggest, they smear their validity periods by 1%, meaning that clients will try to renew somewhere between 59 and 61 days after the incident. How many renewal cycles will it take for that 100M-cert-tall load spike to flatten back out into the whole 60 days of smooth issuance it previously covered?

Convinced!

> Suppose that a CA suffers an incident and knows that they will have to revoke and replace 100M certificates in the next 24 hours. They could configure ARI to give all clients a renewal window in the past, encouraging every client that checks in to immediately renew their certificate, minimizing the real-world impact of a mass revocation event. And then they go immediately to the case described above, to prevent additional fallout.

That's very convincing, too. I think it would help if the intro gave a glimpse of these use cases.

> I hope this provides more insight into why we've gone this direction with the design, and why the draft is important!

Surely, thanks! I hope I did not hold up the draft with my critical questions :-) Thank you for being open for discussion.

I support adoption.

Best,
Peter

-- 
https://desec.io/

v2.23.0 | Report a Bug | By Email