Re: [Acme] Obtaining the Tor hidden service descriptor for draft-ietf-acme-onion
Q Misell <q@as207960.net> Tue, 17 October 2023 09:54 UTC
Return-Path: <q@as207960.net>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9748DC15152E for <acme@ietfa.amsl.com>; Tue, 17 Oct 2023 02:54:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=as207960.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zDIYdrsGHBRz for <acme@ietfa.amsl.com>; Tue, 17 Oct 2023 02:54:21 -0700 (PDT)
Received: from mail-ed1-x52c.google.com (mail-ed1-x52c.google.com [IPv6:2a00:1450:4864:20::52c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD2ADC15109D for <acme@ietf.org>; Tue, 17 Oct 2023 02:54:21 -0700 (PDT)
Received: by mail-ed1-x52c.google.com with SMTP id 4fb4d7f45d1cf-53dd3f169d8so9262440a12.3 for <acme@ietf.org>; Tue, 17 Oct 2023 02:54:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=as207960.net; s=google; t=1697536460; x=1698141260; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=8uvVUrZ7r+skAaX29QwzQKruTnWMMbF55Ke274GRYFY=; b=inFLLAmtIp+wWL2MJ4Jvt8Ndz0hF7t7cRxKILm3UFzBtmXVmNqQ1fLddogCu5kn0BU QsuJcy8pRIzrwaj5jwvBBeWxeIn9qyZpvrxmqSaohcRJ7oRo+TUdT7Ye5IvCXhQM++R5 OX2FqpLSUActIyA0pAKoPuRtB/Y+UZKy2UZmlkXcqzW3Xw7VKOBAlJPzxEJhn6/XreTc NsdCSVserloYhRzdz2sYdsoZ61QucO/YOjk1wyVHKsFzroIt2JdptqRQhrLxZ0JnHXKB GE/fmCiByvVz4zLIgjF7N3sYUQz0TSYa48n1Zg+PsRja0kp5hXifhFxCZMLlJ2OsUMX0 RbrQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697536460; x=1698141260; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8uvVUrZ7r+skAaX29QwzQKruTnWMMbF55Ke274GRYFY=; b=DD9d8VC0RuFPbRQWEb3bilkFIhgUm9TaPXCk85drhPWu+/Is926kmii0bZfs4RrjNd YsTHHSr/M9zcInGHzFb85AcdVS1Nzu4T1BtnuOe1UT89ptgO8oUMNBbi9gBvzCSwHGaZ BaKfujAHvqSVHS61WpVYsSggMwRoMNw1b/7/FfnNsMTmKpK3k+4Y57UKtvWCLlqSDCVI fdMybDnqjkoKROSkj2numJciM9c8Fes+kf20FCuGO+kW5LEArLQgAkm6Db6geM0PkwXo GvkeQlAvHGQVG5l7rA1VrujMW7uEvMCZr4nUAUOJnO0BHRA1Q1nsyWJkDnJlxb7bOMVw UFYQ==
X-Gm-Message-State: AOJu0Yy4Vtdp06LYe1xuJ8JOOcruhB6l9zmEL1p8hAiDzTAa5z9vYxQc 7YzlYzT29FXCkZxFKzDI5iPOw/SKPm2sdXS1XwD/WNfJE2H1D0S1vAezJA==
X-Google-Smtp-Source: AGHT+IEw8Exsrey/ly/8b7jzbr/nC7Ffo5Yd4IQZ0RmcK6Mlzwb6lCRqt0X73uFU1xBGsFjCTLmzbTnZdukb0mYcmds=
X-Received: by 2002:a50:c34f:0:b0:53d:f073:587c with SMTP id q15-20020a50c34f000000b0053df073587cmr1476502edb.0.1697536459150; Tue, 17 Oct 2023 02:54:19 -0700 (PDT)
MIME-Version: 1.0
References: <CAMEWqGvnrgp=f4eO1nQ9hzzCnY2z-pxE8fyQvHnzTDYCx-jq6A@mail.gmail.com> <ZSWikYeVECjUrLM0@localhost> <CAMEWqGuJMA99nF8QCC+mJS3N1hSu3Gakvh+=bgo5H-VDgK8Z9g@mail.gmail.com> <CAMEWqGvN1n91eNZzZNfPQ89-Xoj-d9f_rPy0t_byneeDhxNStg@mail.gmail.com> <CAMEWqGt-+xxw3amX17Q247L0HiirAz5aDy7YWPFfSDGp5iMH+g@mail.gmail.com> <f96a266c-a55e-434b-8652-7f9854f643bc@gmail.com> <CAMEWqGs4zmxp66MMW_+z1j1ts9fvS8Gia=zKor7HxVQnUKvbkw@mail.gmail.com> <A5C851EB-90CC-4C7D-97C9-2C287BA8446D@gmail.com>
In-Reply-To: <A5C851EB-90CC-4C7D-97C9-2C287BA8446D@gmail.com>
From: Q Misell <q@as207960.net>
Date: Tue, 17 Oct 2023 10:53:42 +0100
Message-ID: <CAMEWqGu2vO7-5fY749hiCoE0hnHeHh_KiA2oqSgtSrAwNJB4UQ@mail.gmail.com>
To: Seo Suchan <tjtncks@gmail.com>
Cc: acme@ietf.org
Content-Type: multipart/alternative; boundary="000000000000a42dcd0607e68169"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/NpTREBfq6HDKgzucIBjoLTGh2mY>
Subject: Re: [Acme] Obtaining the Tor hidden service descriptor for draft-ietf-acme-onion
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Oct 2023 09:54:26 -0000
> Well if CA is willing to run tor In house they can read caa record tor network (CA/B br forbids using external proxy to access tor website for verification purpose) and for onion challenge it already have the key to sign this on demand. Good point, I evidently had not thought through things properly. > And it's kinda vague when acme server are running tor client and see caa in finalization object : it may process it or ignore it and even reject finalization because not implementing this extension as they think not needed Yeah that bit does need further clarification. My intent was a CA may process it if they want to, but are not required to do anything with it, giving the following outcomes: - CA with a Tor client and no CAA in finalize: fetch CAA over Tor - CA without a Tor client and no COO in finalize: error - CA with a Tor client and CAA in finalize: either fetch CAA over Tor or use provided CAA, up to CA preference, but do not error purely because the CAA is there - CA without a Tor client and CAA in finalize: use provided CAA I'll work on making that clearer in the next revision. ------------------------------ Any statements contained in this email are personal to the author and are not necessarily the statements of the company unless specifically stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company registered in Wales under № 12417574 <https://find-and-update.company-information.service.gov.uk/company/12417574>, LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca Digital, is a company registered in Estonia under № 16755226. Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are registered trademarks in the UK, under № UK00003718474 and № UK00003718468, respectively. On Tue, 17 Oct 2023 at 10:33, Seo Suchan <tjtncks@gmail.com> wrote: > well if CA is willing to run tor In house they can read caa record tor > network (CA/B br forbids using external proxy to access tor website for > verification perpose) and for onion challenge it already have the key to > sign this on demand > and it's kinda vague when acme server are running tor client and see caa > in finalization object : it may process it or ignore it and even reject > finalization because not implementing this extension as they think not > needed > > > On 2023년 10월 17일 오후 6시 23분 21초 GMT+09:00, Q Misell <q@as207960.net> 작성함: > >> The rationale for expiry is that in the case of http-01 or tls-alpn-01 >> the ACME client need not have access to the Onion service's secret key. A >> long lived CAA signature could be generated with the key, provided to the >> ACME client to use, and the key could be kept away from the ACME client and >> only available on the machine running the Tor proxy. >> ------------------------------ >> >> Any statements contained in this email are personal to the author and are >> not necessarily the statements of the company unless specifically stated. >> AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace, >> Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company >> registered in Wales under № 12417574 >> <https://find-and-update.company-information.service.gov.uk/company/12417574>, >> LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 >> <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. >> EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: >> 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru >> maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca >> Digital, is a company registered in Estonia under № 16755226. Estonian VAT >> №: EE102625532. Glauca Digital and the Glauca logo are registered >> trademarks in the UK, under № UK00003718474 and № UK00003718468, >> respectively. >> >> >> On Tue, 17 Oct 2023 at 04:15, Seo Suchan <tjtncks@gmail.com> wrote: >> >>> >>> not sure giving expiry by client side is meaningful: as we send this at >>> finalization step, and as something would be very wrong if one request >>> another certificate in 8 hours from last certificate so whatever value >>> client may put there will be expired by the time we request: in effect it'd >>> be act more like timestamp and if it is I kinda want it to be nonce for >>> that certificate finalization explicitly. >>> 2023-10-17 오전 3:10에 Q Misell 이(가) 쓴 글: >>> >>> Hi all, >>> >>> In-band CAA is now implemented on the reference CA at >>> https://acmeforonions.org and in the certbot-onion >>> <https://pypi.org/project/certbot-onion/> plugin. >>> draft-ietf-acme-onion-01 has also been published with the in-band CAA >>> spec (refined from my last email from issues that arose during >>> implementation). >>> >>> Cheers, >>> Q >>> ------------------------------ >>> >>> Any statements contained in this email are personal to the author and >>> are not necessarily the statements of the company unless specifically >>> stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan >>> Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company >>> registered in Wales under № 12417574 >>> <https://find-and-update.company-information.service.gov.uk/company/12417574>, >>> LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 >>> <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. >>> EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №: >>> 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru >>> maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca >>> Digital, is a company registered in Estonia under № 16755226. Estonian VAT >>> №: EE102625532. Glauca Digital and the Glauca logo are registered >>> trademarks in the UK, under № UK00003718474 and № UK00003718468, >>> respectively. >>> >>> >>> On Fri, 13 Oct 2023 at 17:19, Q Misell <q@as207960.net> wrote: >>> >>>> I've found some time to specify in-band CAA, a quick first draft is in >>>> the working draft[1]. Looking forward to hearing people's thoughts. >>>> >>>> [1]: >>>> https://as207960.github.io/acme-onion/draft-ietf-acme-onion.html#name-alternative-in-band-present >>>> ------------------------------ >>>> >>>> Any statements contained in this email are personal to the author and >>>> are not necessarily the statements of the company unless specifically >>>> stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan >>>> Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company >>>> registered in Wales under № 12417574 >>>> <https://find-and-update.company-information.service.gov.uk/company/12417574>, >>>> LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 >>>> <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: >>>> GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean >>>> VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at >>>> Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as >>>> Glauca Digital, is a company registered in Estonia under № 16755226. >>>> Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are >>>> registered trademarks in the UK, under № UK00003718474 and № UK00003718468, >>>> respectively. >>>> >>>> >>>> On Tue, 10 Oct 2023 at 21:22, Q Misell <q@as207960.net> wrote: >>>> >>>>> Hi Silvio, >>>>> >>>>> Thanks for that info, that's quite helpful. >>>>> >>>>> I think the idea of allowing the client to just send the CAA lines >>>>> signed by its key would work well, and remove most if not all of the >>>>> problems I've been running into. >>>>> I'll work on implementing that in my draft, and see how difficult it'd >>>>> be to get that part only working in Boulder (as Let's Encrypt have already >>>>> indicated that they won't be implementing http-01 and tls-alpn-01 for >>>>> hidden services). >>>>> >>>>> Cheers, >>>>> Q >>>>> ------------------------------ >>>>> >>>>> Any statements contained in this email are personal to the author and >>>>> are not necessarily the statements of the company unless specifically >>>>> stated. AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan >>>>> Terrace, Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company >>>>> registered in Wales under № 12417574 >>>>> <https://find-and-update.company-information.service.gov.uk/company/12417574>, >>>>> LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876 >>>>> <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: >>>>> GB378323867. EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean >>>>> VAT №: 522-80-03080. AS207960 Ewrop OÜ, having a registered office at >>>>> Lääne-Viru maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as >>>>> Glauca Digital, is a company registered in Estonia under № 16755226. >>>>> Estonian VAT №: EE102625532. Glauca Digital and the Glauca logo are >>>>> registered trademarks in the UK, under № UK00003718474 and № UK00003718468, >>>>> respectively. >>>>> >>>>> >>>>> On Tue, 10 Oct 2023 at 20:14, rhatto <rhatto@torproject.org> wrote: >>>>> >>>>>> On Thu, Sep 07, 2023 at 04:55:51PM +0100, Q Misell wrote: >>>>>> > I've had some discussion recently with the Tor project on >>>>>> implementation >>>>>> > hurdles for draft-ietf-acme-onion. One concern that has been raised >>>>>> by a few is >>>>>> > the need to run a Tor client to validate requests, even with >>>>>> onion-csr-01, due >>>>>> > to the inclusion of CAA in the draft. >>>>>> >>>>>> Hi Q, and thanks for bringing this up. >>>>>> >>>>>> > One solution proposed to this is that the ACME client MAY[1] send >>>>>> the hidden >>>>>> > service descriptor to CA as part of the finalize request. The CA >>>>>> also MAY >>>>>> > require this, if they do not wish to run a Tor client. This, to my >>>>>> knowledge, >>>>>> > wouldn't reduce the security of the validation of CAA, as the >>>>>> descriptor >>>>>> > document is still cryptographically validated in the same way using >>>>>> the current >>>>>> > network consensus. Additionally the directory authorities that serve >>>>>> > descriptors are already non-trusted actors in Tor. >>>>>> > >>>>>> > The CA would still need a copy of the network consensus document to >>>>>> verify >>>>>> > the descriptor submitted by the client. Most directory authorities >>>>>> however >>>>>> > are reachable over standard HTTP over TCP, in addition to HTTP over >>>>>> Tor. >>>>>> > This would allow the CA to fetch the current consensus without any >>>>>> > connection to Tor. The consensus fetched this way would still be >>>>>> verified >>>>>> > against the trusted directory authorities of Tor[2]. >>>>>> >>>>>> Specifically, the "valid-after", "fresh-until", and "hsdir_interval" >>>>>> are >>>>>> the only consensus items needed to parse, decrypt and validate an >>>>>> Onion >>>>>> Service descriptor. >>>>>> >>>>>> > What are people's thoughts on this, and more importantly, what >>>>>> problems do >>>>>> > people see with this? >>>>>> >>>>>> After a lengthy discussion with Tor developers, we suggest the >>>>>> following >>>>>> options, prioritizing the least complex: >>>>>> >>>>>> 0. ACME clients MAY send "valid-after", "fresh-until" and >>>>>> "hs_interval" >>>>>> along with the descriptor, which would allow the ACME Server to >>>>>> verify >>>>>> CAA in a stateless way, without bootstrapping Tor to fetch the >>>>>> descriptor and without fetching the network consensus. >>>>>> >>>>>> 1. Only the descriptor is sent by the ACME client, so the ACME server >>>>>> would >>>>>> need to fetch and cache the network consensus. >>>>>> >>>>>> 2. The ACME client does not send the descriptor, leaving to the ACME >>>>>> server >>>>>> the job of fetching it, as stated on draft-ietf-acme-onion-00. >>>>>> >>>>>> For options 0 and 1 above, there are two ways that a consensus (or >>>>>> just the >>>>>> needed items) can be fetched either by ACME clients or servers: >>>>>> >>>>>> a. Through the Tor network, from one of many directory caches. >>>>>> >>>>>> As this involves bootstrapping Tor, it makes more sense for ACME >>>>>> clients to do this fetching, as clients are probably already >>>>>> connected >>>>>> to Tor in order to run an Onion Service or to make the ACME request >>>>>> through Tor. >>>>>> >>>>>> b. Doing HTTP over TCP, or HTTP over Tor to the directory authorities. >>>>>> >>>>>> While this is supported nowadays, it's not guaranteed to work in >>>>>> the >>>>>> long term, since this method is deprecated in favor of the approach >>>>>> above, and DirAuths may even stop serving the consensus directly >>>>>> by HTTP >>>>>> at some point. >>>>>> >>>>>> This also requires checking the DirAuths' signatures in the >>>>>> consensus >>>>>> document. >>>>>> >>>>>> > Should this be incorporated into the draft? >>>>>> >>>>>> Yes, we support this idea, but also note that, despite parsing and >>>>>> validating an .onion descriptor being relatively straightforward, it >>>>>> involves more code to be maintained. >>>>>> >>>>>> We understand that signed CAA parameters could be accepted directly in >>>>>> an ACME API request without reducing security and the need to process >>>>>> an >>>>>> entire descriptor. >>>>>> >>>>>> -- >>>>>> Silvio Rhatto >>>>>> pronouns he/him >>>>>> _______________________________________________ >>>>>> Acme mailing list >>>>>> Acme@ietf.org >>>>>> https://www.ietf.org/mailman/listinfo/acme >>>>>> >>>>> >>> _______________________________________________ >>> Acme mailing listAcme@ietf.orghttps://www.ietf.org/mailman/listinfo/acme >>> >>> _______________________________________________ >>> Acme mailing list >>> Acme@ietf.org >>> https://www.ietf.org/mailman/listinfo/acme >>> >>
- [Acme] Obtaining the Tor hidden service descripto… Q Misell
- Re: [Acme] Obtaining the Tor hidden service descr… rhatto
- Re: [Acme] Obtaining the Tor hidden service descr… Q Misell
- Re: [Acme] Obtaining the Tor hidden service descr… Q Misell
- Re: [Acme] Obtaining the Tor hidden service descr… Q Misell
- Re: [Acme] Obtaining the Tor hidden service descr… Seo Suchan
- Re: [Acme] Obtaining the Tor hidden service descr… Q Misell
- Re: [Acme] Obtaining the Tor hidden service descr… Seo Suchan
- Re: [Acme] Obtaining the Tor hidden service descr… Q Misell
- Re: [Acme] Obtaining the Tor hidden service descr… Seo Suchan