IETF Logo Mail Archive

Re: [Acme] ACME signature mechanics

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 18 December 2014 19:24 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E78561A9232 for <acme@ietfa.amsl.com>; Thu, 18 Dec 2014 11:24:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.277
X-Spam-Level:
X-Spam-Status: No, score=-1.277 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id F4wilnvgv2E7 for <acme@ietfa.amsl.com>; Thu, 18 Dec 2014 11:24:45 -0800 (PST)
Received: from mail-lb0-x22a.google.com (mail-lb0-x22a.google.com [IPv6:2a00:1450:4010:c04::22a]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9FD991A909E for <acme@ietf.org>; Thu, 18 Dec 2014 11:24:40 -0800 (PST)
Received: by mail-lb0-f170.google.com with SMTP id 10so1556451lbg.1 for <acme@ietf.org>; Thu, 18 Dec 2014 11:24:39 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=pToiWjJBv7aWDZFpaAz2HZnZtr23T4q0l1cRUmPOOok=; b=SjFOx8/WqOXxaxtd9ltRcXTJBnBXXJ1H3gMZqRD1KuqyvDqTf1K5Bn0HDnEHCSBlLy xUadHOOfKkpAsw9QFIW11T6hmm4R4tDMb77aeItL4IG65xqzqwIHS7YUvsOeEXm3paNJ pnmgOxy5uYQwYGU0IH1MzxGqCNRgMR0B7PS+Oq4zv6OtDkym2L/z25HyUzbq0KS5By4e OQWWDOdARzjy73+Eh9CpgnERUTj2gpWgGX6HzGV68XONQ+aT0riXgGRf0+xs5Bo7D6lv aOXOELullKfXINE3WJcnvXYzlynbXH+fRYBlekOR8jr8b9L3AF+q/iLz2OBLuDj8h9wl DuVw==
MIME-Version: 1.0
X-Received: by 10.153.11.170 with SMTP id ej10mr3979925lad.24.1418930679122; Thu, 18 Dec 2014 11:24:39 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.19.42 with HTTP; Thu, 18 Dec 2014 11:24:38 -0800 (PST)
In-Reply-To: <009d01d01af3$8013a2d0$803ae870$@icloud.com>
References: <548FF9E3.1020703@gmail.com> <CAL02cgT9iYqtX2Ui5XQYnj=yeF_QnSkKn-jE0D5d56WMzB5bBg@mail.gmail.com> <CAMm+LwjwG0dPTkByu5WZ_ev3xNxAMwunoc-A_VK4sKPSZXRYDw@mail.gmail.com> <006c01d01a33$2b086890$811939b0$@icloud.com> <CABkgnnWGQarDzpx-3f488OF2w3eyTV1iUr4GWyND+_avRHNZ6w@mail.gmail.com> <004901d01a94$55e9ebe0$01bdc3a0$@icloud.com> <54928827.9030009@gmail.com> <CAMm+Lwifqgt9e_i=froACzGW3bsY05KBiJJFBRJrqJcZrEqN8A@mail.gmail.com> <009d01d01af3$8013a2d0$803ae870$@icloud.com>
Date: Thu, 18 Dec 2014 14:24:38 -0500
X-Google-Sender-Auth: 3h4TCiINuTTTiNs-q73xglBn6PE
Message-ID: <CAMm+Lwj-mN9=Dbw0-xUjhj1XUyw5NZiDQ4SaY6xcCAAy+VZTMA@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Trevor Freeman <trevor.freeman99@icloud.com>
Content-Type: multipart/alternative; boundary="001a11347914171370050a828b4c"
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/KiuhEOrpU9dnApgL7TugCm51Fro
Cc: Richard Barnes <rlb@ipv.sx>, "acme@ietf.org" <acme@ietf.org>, Martin Thomson <martin.thomson@gmail.com>, Anders Rundgren <anders.rundgren.net@gmail.com>
Subject: Re: [Acme] ACME signature mechanics
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Dec 2014 19:24:47 -0000

On Thu, Dec 18, 2014 at 1:50 PM, Trevor Freeman <trevor.freeman99@icloud.com
> wrote:
>
>
>
>
>
> Part of the objective here should be to put the end customer in control by
> running their own issue point that is a proxy to a CA or another proxy.
> Binding the authentication to the transport means that the proof of
> possession can only be verified by the proxy which breaks the model.
>
> *[TF] If you trust the proxy enough to terminal the TLS then you trust it
> enough to pass a flag to indicate authentication succeeded*
>
> *Have you considered what value the POP on a pkcs#10 actually delivers? It
> does not show the subject submitting the request is the same as the one in
> control of the key pair. It just proves to the CA the key pair is
> functional.*
>


That is really fuzzy argument there Trevor. Who do you mean by 'you'?

In my model there are two parties, the CA and the Subscriber. Both can have
a proxy but the proxy is trusted by exactly one party. A proxy deployed by
the subscriber for their convenience is not going to be trustworthy as far
as the CA is concerned for proof of possession purposes.

The only circumstance in which the proxy is trusted by both is where they
are the same party. And that is not the main application for ACME.


If this was a transport layer concern then it would have been added to TLS
as an option in 1995. It is an application layer concern, hence the need
for an application layer spec.

v2.23.0 | Report a Bug | By Email