IETF Logo Mail Archive

Re: [Acme] Please consider adding server authentication

Kas <kas@lightc.com> Mon, 22 October 2018 14:57 UTC

Return-Path: <kas@lightc.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FE45130DE9 for <acme@ietfa.amsl.com>; Mon, 22 Oct 2018 07:57:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.1
X-Spam-Level:
X-Spam-Status: No, score=-0.1 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=lightc.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mCEQTvhmaql4 for <acme@ietfa.amsl.com>; Mon, 22 Oct 2018 07:57:22 -0700 (PDT)
Received: from mail.lightc.com (mail.lightc.com [176.31.211.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 586A412870E for <acme@ietf.org>; Mon, 22 Oct 2018 07:57:20 -0700 (PDT)
dkim-signature: v=1; a=rsa-sha256; d=lightc.com; s=key; c=relaxed/relaxed; q=dns/txt; h=From:Subject:Date:Message-ID:To:MIME-Version:Content-Type:In-Reply-To:References; bh=JVl1/TWDTwu/O7oHhUUooe7NAhGi5xanQvFtUeTdShw=; b=UMOfrVV8gu8SZAyXD6V6rJQoEGlR4l/8nGbIEsE9iJCv0Xva4B+iKeas8KIoDugY9gYYU/fYXARKpKFnPqPrBF8ncHcup5t+gPkZbJF8I20yJoP+KjUM43nNqJ/+5cSOtChNxQsj8ONhGDth5DUGeffrbwungL9x0UKVcenJSOyCXdSbaxdfDasxaJqL/F940umCUZELoG08Mxo+bXTZJtySeb4TfPeuFSYE7IlxAnw2h+tuBQyOg6BIbS rAEkKG4pz3hcMox8bYVxIg/9ME+RUHbKxgnlBdtiMPVO+rM6sjNRawO4o22gp29S+VMoKMMb2fFfjp3/1WUg6urhzGNg==
Received: from [192.168.1.50] (Unknown [46.149.55.2]) by mail.lightc.com with ESMTPSA (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128) ; Mon, 22 Oct 2018 17:57:34 +0300
To: Richard Barnes <rlb@ipv.sx>, acme@ietf.org
References: <1b7ac56a-0eac-bb05-5eed-5cee50d6c6b6@lightc.com> <CAL02cgTCwzF0Vh6ExRBMVyJN5e6x0w=JOfYrVMaOGspZTM2uVQ@mail.gmail.com> <a8824bcb-9984-23e9-5236-8d3b55c021e8@lightc.com> <CAL02cgQXpaVLbuZzi6mMmPWheqAh70gDcrHOjj8jwUNPb0ioBg@mail.gmail.com>
From: Kas <kas@lightc.com>
Message-ID: <cc5944d0-2fb8-aea8-ceda-b9f7b44fe9da@lightc.com>
Date: Mon, 22 Oct 2018 17:56:04 +0300
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.9.1
MIME-Version: 1.0
In-Reply-To: <CAL02cgQXpaVLbuZzi6mMmPWheqAh70gDcrHOjj8jwUNPb0ioBg@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------DA644C37D03E56EF98F29F04"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/Mfqkdip09rruYzn6ZkpWHw0he5Q>
Subject: Re: [Acme] Please consider adding server authentication
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Oct 2018 14:57:24 -0000

On 10/22/2018 5:40 PM, Richard Barnes wrote:
> On Mon, Oct 22, 2018 at 10:13 AM Kas <kas=40lightc.com@dmarc.ietf.org 
> <mailto:40lightc.com@dmarc.ietf.org>> wrote:
>
>     Hi Richard,
>
>     The weak point here is the TLS connection so the question is :
>     How to prevent man in the middle from issuing a compromised
>     certificate to automated client ?
>
>
> I don't understand what you're proposing here.  There's nothing we can 
> do in a protocol to stop a CA from issuing any certificate it wants 
> to.  (That's why we have Baseline Requirements, audits, etc.)
>
> Are you worried about a MitM causing the real CA to issue a 
> certificate to the MitM?  That risk is already addressed in ACME, but 
> using *client* authentication, not server authentication -- what 
> matters is the client from which the server accepts domain proof and a 
> CSR, not what server the client thinks it's talking to.
I am concerned about MitM issuing the certificate to the client.

>     or How to make sure TLS connection is not compromised ?
>
>     TLS require self signed root certificates and CA certificate and
>     this compromise the client implementation and put weak points
>     allowing attacks or failure due to expired certificates (
>     compromised system ...) , all of this can be prevented without
>     waiting for/(or forcing) DANE by implementing similar approach.
>     By adding such mechanism client can work securely forever, no
>     certificate to expire or revoke, such feature will eliminate the
>     depending on system provided CA certificates or any third-party
>     source.
>
>
> This sentence should cause you concern.  Nothing is forever in security.
>
Using forever was wrong, i shouldn't say that.


> As I noted above, there is already no need for third-party resources..
>
> --Richard
>
>
>     Best regards,
>     K. Obaideen
>
>     On 10/22/2018 3:48 PM, Richard Barnes wrote:
>>     Hi Kas,
>>
>>     Before launching into mechanism, maybe you could clarify what
>>     authentication property you think is lacking here?
>>
>>     Note that ACME already has server authentication, via TLS server
>>     authentication.  All the normal PKI mitigations apply there: CT,
>>     HPKP, etc.  It is also already the case that the CA can issue
>>     certificates for its ACME server; no third party is needed.
>>
>>     Thanks,
>>     --Richard
>>
>>     On Mon, Oct 22, 2018 at 7:06 AM Kas
>>     <kas=40lightc.com@dmarc.ietf.org
>>     <mailto:40lightc.com@dmarc.ietf.org>> wrote:
>>
>>         It will be regrettable and unfortunate moment to pass on such
>>         opportunity to make the internet more secure, and please let
>>         me start
>>         with listing the facts:
>>
>>         1_ ACME Server is CA server, if you consider it a CA server
>>         then you
>>         don't need a third party to validate and secure the
>>         connection with such
>>         server.
>>         2_ DANE is great but will not be adopted and needs years or a
>>         catastrophic failure by some CA to go mainstream, simply too
>>         many
>>         parties has it in conflict with their business model.
>>         3_ SPF and DKIM are used in plain TXT DNS records and they
>>         already
>>         securing the internet the world.
>>         4_ ACME protocol is utilizing DNS TXT record to authenticate
>>         the client
>>         so both server and client has DNS handling procedure.
>>         5_ There is huge security hole in providing the root
>>         certificates to
>>         secure the internet, and in most cases it depends on the
>>         system store,
>>         many antivirus software installs with default settings to
>>         intercept
>>         HTTPS connection by injecting their own root certificate in
>>         system, many
>>         things can go wrong with system store, even extensions in a
>>         browser can
>>         do that.
>>
>>         So why not authenticate ACME server in different way than
>>         DANE TLSA
>>         record and utilize TXT record similar to DKIM and make it a
>>         obligatory,
>>         this will allow two parties to securely communicate with only
>>         one
>>         requirement to trust one ACME server they already asking it for
>>         certificates, those parties can build secure internet
>>         environment based
>>         on one ACME server, even this protocol can evolve in future
>>         to issue
>>         certificates with only IP and no domain name, is that
>>         something wrong ?
>>
>>         (listing few ideas, examples)
>>         "acme.TLSA" TXT here you can copy the whole content of TLSA
>>         record in
>>         JSON format encoded in base64url ( may be too much )
>>         "acme.certs" TXT list the hash of the acme server
>>         certificates for
>>         secure connection ( shouldn't be the root or CA certificate )
>>         "acme.ckeys" TXT list the the certificates public keys in JWK
>>         format
>>         with base64url encoding ( shouldn't be the root or CA
>>         certificate )
>>         "acme.aKey" TXT contain one or more public keys (RSA or ECC)
>>         in JWK
>>         (base64url) format this key can be used to authenticate
>>         responses from
>>         acme server or only one critical response
>>
>>
>>         "acme.dir" TXT the directory url encoded with base64url ( in
>>         this case
>>         the client only need the server domain name like example.com
>>         <http://example.com> or
>>         staging.acme.example.com <http://staging.acme.example.com> to
>>         get the acme directory )
>>         "acme.chain" TXT url to download acme server certificate
>>         chain in secure
>>         manner
>>         "acme.store" TXT url to download the mini store for that acme
>>         server
>>         certificate trust in secure manner ( if this adopted then
>>         there will be
>>         many store provider like mozilla.com <http://mozilla.com> or
>>         android.com <http://android.com> the client
>>         application can get his own store form his own sources,
>>         client trust
>>         Microsoft and its store but he can't be sure the store copy
>>         in his
>>         Windows is not tainted )
>>
>>         Please consider discussion this.
>>
>>         Best regards
>>         K. Obaideen
>>
>>
>>         _______________________________________________
>>         Acme mailing list
>>         Acme@ietf.org <mailto:Acme@ietf.org>
>>         https://www.ietf.org/mailman/listinfo/acme
>>
>
>     _______________________________________________
>     Acme mailing list
>     Acme@ietf.org <mailto:Acme@ietf.org>
>     https://www.ietf.org/mailman/listinfo/acme
>

v2.39.1 | Report a Bug | By Email | System Status