Re: [Acme] High level comments on draft-barnes-acme (the GitHub version)

Bernd Eckenfels <ecki@zusammenkunft.net> Wed, 25 March 2015 22:35 UTC

Return-Path: <ecki@zusammenkunft.net>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEE211A1BA7 for <acme@ietfa.amsl.com>; Wed, 25 Mar 2015 15:35:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XQUasO3oTmEN for <acme@ietfa.amsl.com>; Wed, 25 Mar 2015 15:35:06 -0700 (PDT)
Received: from mail-wg0-f54.google.com (mail-wg0-f54.google.com [74.125.82.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 16D591A1B5C for <acme@ietf.org>; Wed, 25 Mar 2015 15:34:56 -0700 (PDT)
Received: by wgbcc7 with SMTP id cc7so43781361wgb.0 for <acme@ietf.org>; Wed, 25 Mar 2015 15:34:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-type:content-transfer-encoding; bh=HwGAwHMDbj3AdrLD2IopbycHUXrT6NFxi7AnrYBOiSE=; b=jhz/qMgMK+Hiw74jCPIRBNmLug8uG4YvV3BWBBNnqMzR3lrF5ThkWQg2nzaiw6IwL4 XkyOiDHfUcIitw+blIb78WwcAXiu+0mwfsAz+C70Ttb/Lc7dJ/JBWbLisUegLMwmFl4g XpuXNOJm5f3g8AMltmhsEUK7SJiyjDKHo9Gs0RJ/+SWU1+DCWF6D0KWXZWF/cvR/bk1b 5XO2sfwGA5BWLzZgxHoROH3Jmh73qQoPJt6K+wYU8vY8rMa5+31zUj6bdN+n6l2UYgMR ZHdPXf7oNjKQuxQ4Tu3qxUKHJ0TnxIax8MFCeDsOtjEWoJEhavZB/taI/8MKtzoVLVBx Z0iA==
X-Gm-Message-State: ALoCoQkdpxU1yC8NDyvPckWIjTUjh15UE6ckaMQi3l/sXPE8D3bnjHwNaIxtL3F7F6ZG4hEjmaPt
X-Received: by 10.180.107.198 with SMTP id he6mr8908730wib.68.1427322894846; Wed, 25 Mar 2015 15:34:54 -0700 (PDT)
Received: from localhost (HSI-KBW-046-005-194-024.hsi8.kabel-badenwuerttemberg.de. [46.5.194.24]) by mx.google.com with ESMTPSA id dn7sm7606203wid.12.2015.03.25.15.34.53 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 25 Mar 2015 15:34:54 -0700 (PDT)
Date: Wed, 25 Mar 2015 23:34:50 +0100
From: Bernd Eckenfels <ecki@zusammenkunft.net>
To: Joseph Lorenzo Hall <joe@cdt.org>, "acme@ietf.org" <acme@ietf.org>
Message-ID: <20150325233450.00000438.ecki@zusammenkunft.net>
In-Reply-To: <CABtrr-V4++ayD4UV32maWiOSLyg=r3Gj-HNnDaizQ_WoF_4PjQ@mail.gmail.com>
References: <92B826AA-48E3-454C-85A9-600F84D539DD@ericsson.com> <9F77199A-98B7-4963-8EA3-552405B5342F@titanous.com> <B4953448-093A-4DB7-B81D-B09FE31E7B3F@ericsson.com> <CABtrr-V4++ayD4UV32maWiOSLyg=r3Gj-HNnDaizQ_WoF_4PjQ@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/KSlRy6xtPCVXMT5G-F6YfEyd4h0>
Cc: John Mattsson <john.mattsson@ericsson.com>
Subject: Re: [Acme] High level comments on draft-barnes-acme (the GitHub version)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Mar 2015 22:35:08 -0000

DVSNI has the same protection level than cleartext tokens (or
challenge emails). It is an opportunistic way of automatically verifying
the domain. I dont think the TLS part in there is meant to add any
protection (how should it, if the cert is not trusted).

Besides scanning from different locations to reduce the risk and of
course not using the method when the idendity is already protected with
a key there is not much ACME can do in a automated CA scenario.

This is pretty similiar to SSH's TOFU.

Having said that I was quite suprised that a new method was suggested.
It IMHO mainly adds bloat.

Gruss
Bernd

Am Wed, 25 Mar 2015 17:15:27 -0500
schrieb Joseph Lorenzo Hall <joe@cdt.org>rg>:

> On Wed, Mar 25, 2015 at 2:42 PM, John Mattsson
> <john.mattsson@ericsson.com> wrote:
> >
> >
> > On 25 Mar 2015, at 13:24, Jonathan Rudenberg
> > <jonathan@titanous.com> wrote:
> >
> >
> > On Mar 25, 2015, at 9:35 AM, John Mattsson
> > <john.mattsson@ericsson.com> wrote:
> >
> > Hi,
> >
> > Some high level comments on draft-barnes-acme (the GitHub version)
> >
> >
> > - Security:
> > The security of this seems to need some serious rethinking. The
> > “Domain Validation with Server Name Indication” challenge seems
> > totally nonsecure, allowing ANY on-path attacker to get
> > certificates issued. I think this challenge is unacceptable for
> > certificate issuance and I think it should be removed. Just because
> > I let Amazon, Microsoft, Google or any other cloud provider run my
> > web server does not mean I give them the right to request
> > certificates for my domain.
> >
> >
> > Thanks for pointing this out.
> 
> This seems like a big deal, no? That is, since SNI is one of the few
> things not protected in the TLS handshake, it does seem spoofable. If
> there's not something I'm missing, it seems like the proposal should
> just drop DVSNI altogether.
>