Re: [Acme] ACME vulnerabilities in SimpleHTTP and DVSNI due to common webservers' default virtual host semantics
Andrew Ayer <agwa@andrewayer.name> Thu, 24 September 2015 04:18 UTC
Return-Path: <agwa@andrewayer.name>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8C2D61B3023 for <acme@ietfa.amsl.com>; Wed, 23 Sep 2015 21:18:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DFWBKkcX-E-I for <acme@ietfa.amsl.com>; Wed, 23 Sep 2015 21:18:41 -0700 (PDT)
Received: from alcazar.beanwood.com (alcazar.beanwood.com [IPv6:2600:3c00:e000:6c::1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 401B41B3024 for <acme@ietf.org>; Wed, 23 Sep 2015 21:18:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=andrewayer.name; s=alcazar2; t=1443068320; bh=bTh9jOWPYkJeDO2WLQENZ0AVIPEJADGVZHZoWufuguI=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=jGf+1QAWbo9dIT/lhz8huYfo4iq49unyj3s6Xfj6w6Eu4fv0gbVMEaI6Xa8Ab1++l DxnuUUoWZ4PP3rL85dJvUiM25iM6diQCYNzgMhrn27+dCKzh/Kdy93sH+5+D28MjgF KbVVgumAZuwj8VXagLSAG1YLcHCvJ3oQHmpox+R4L6m0rrPYIyYn9JtHzRpDx8SNxo +GddVZeA+S17CWNuxe0NFZWNMQ7Tc/jjBc35450Ty2R5d2tI27DGDhtKMWFqzNYqzC 8o5ooKveqAa2zRCGtEvJQPcVgwq4lOo0R36fGvhqM/KeENn0qhpTfVIE6DIsPFnJIa kV/g1q4+TnXww==
Date: Wed, 23 Sep 2015 21:16:46 -0700
From: Andrew Ayer <agwa@andrewayer.name>
To: Richard Barnes <rlb@ipv.sx>
Message-Id: <20150923211646.38db2ba94b986acac6caa431@andrewayer.name>
In-Reply-To: <CAL02cgTaaaEtX1mcLrP6fxqMp_Q+9y+f+E0DYFedzMaJ5nXDRw@mail.gmail.com>
References: <20150922215258.GJ17243@eff.org> <CAL02cgTaaaEtX1mcLrP6fxqMp_Q+9y+f+E0DYFedzMaJ5nXDRw@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/NFxhBl02Yi3_4S6gM-M4lK7hry8>
Cc: Peter Eckersley <pde@eff.org>, "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] ACME vulnerabilities in SimpleHTTP and DVSNI due to common webservers' default virtual host semantics
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Sep 2015 04:18:44 -0000
On Wed, 23 Sep 2015 18:19:19 -0700 Richard Barnes <rlb@ipv.sx> wrote: > I have to admit that I'm not super sanguine about fixing this. On the > one hand, hosting providers will always be a point of vulnerability > for automated verification that uses control of a named host -- the > hosting provider controls the whole stack for the domain, after all. > So it seems a little quixotic to chase after vulnerabilities at the > hosting provider. On the other hand, it does seem good to address > obvious, likely ways that a provider could *accidentally* cause > attacks. I'm not super sanguine about the fix either, especially given the complexity it adds to the DVSNI challenge. It is important to prevent people from shooting themselves in the foot with misconfigurations, but this goal has to be balanced against the need for the protocol to be useful and not too difficult to comprehend and implement. Also note that non-TLS SimpleHTTP could be vulnerable in the same fashion, if a hostname resolves to a shared hosting provider and a virtual host for that hostname is not configured. This could happen if the hosting account for that hostname has been terminated but the DNS hasn't been updated yet. But it would be pretty counterproductive to ditch SimpleHTTP just because of this possibility. > I am OK with dropping the TLS option for "simpleHttp" validations. > (We can always make SimpleHTTPS later.) One annoying implication with dropping the TLS option is that it makes it difficult to complete the SimpleHTTP challenge when your HTTP site redirects to HTTPS, as best practice dictates. You'd have to special-case an exception to allow the challenge response to be served over HTTP (this is annoying to do in Apache). This isn't a problem if the ACME server follows redirects when validating the challenge. The draft doesn't currently require or forbid following redirects, so implementations will probably end up doing whatever their HTTP client library does by default. Could we require the ACME server to follow redirects as long as the only change in the URI is the scheme? This should be safe since, presumably, the web server would only be configured to serve such a redirect if an HTTPS virtual host for that hostname was configured. -- Andrew
- [Acme] ACME vulnerabilities in SimpleHTTP and DVS… Peter Eckersley
- Re: [Acme] ACME vulnerabilities in SimpleHTTP and… Richard Barnes
- Re: [Acme] ACME vulnerabilities in SimpleHTTP and… Andrew Ayer
- Re: [Acme] ACME vulnerabilities in SimpleHTTP and… Peter Eckersley
- Re: [Acme] ACME vulnerabilities in SimpleHTTP and… Peter Eckersley
- Re: [Acme] ACME vulnerabilities in SimpleHTTP and… Michael Richardson
- Re: [Acme] ACME vulnerabilities in SimpleHTTP and… Peter Eckersley
- Re: [Acme] ACME vulnerabilities in SimpleHTTP and… Michael Richardson