Re: [Acme] High level comments on draft-barnes-acme (the GitHub version)

Jacob Hoffman-Andrews <jsha@eff.org> Wed, 25 March 2015 22:21 UTC

To: Joseph Lorenzo Hall <joe@cdt.org>, John Mattsson <john.mattsson@ericsson.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/KUYPT1o3gLWh0SQZ0CfziuYA7V0>
Cc: Jonathan Rudenberg <jonathan@titanous.com>, "acme@ietf.org" <acme@ietf.org>

> This seems like a big deal, no? That is, since SNI is one of the few
> things not protected in the TLS handshake, it does seem spoofable. If
> there's not something I'm missing, it seems like the proposal should
> just drop DVSNI altogether.

An attacker who fully controls the network is explicitly not part of the
threat model for any Domain Validation. None of the available techniques
for DV, whether they involve fetching a file, sending an email, or doing
a TLS handshake, can fully mitigate a network attacker.