Re: [Acme] ACME breaking change: Most GETs become POSTs
Richard Barnes <rlb@ipv.sx> Fri, 31 August 2018 14:23 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7912D1271FF for <acme@ietfa.amsl.com>; Fri, 31 Aug 2018 07:23:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hCYW4I_uXSwU for <acme@ietfa.amsl.com>; Fri, 31 Aug 2018 07:23:24 -0700 (PDT)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31A64126DBF for <acme@ietf.org>; Fri, 31 Aug 2018 07:23:24 -0700 (PDT)
Received: by mail-oi0-x236.google.com with SMTP id k81-v6so15843589oib.9 for <acme@ietf.org>; Fri, 31 Aug 2018 07:23:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gWvd2cK/a+aPDSYxczSg+bD2JoNy/kJCdJRqVr0LsVM=; b=sS1olsgOUVprqFynSfAYhoyDJI6XAwIblXnALnlh67nvkWQbwP9k9E3TbAc8bA4BbA NWxs8SH4bUIr8WiFJXQR/QIcfxPnuqUfQrww6M4Yi6LrQN5X2qognbX2ajkwit1s4sPC rFRryLYSFPJkWT2TIR19lxRFrHDMPsZT8Vg020+Id73symFSGheVU0CjuSDuBHDVm+FD U4pDBUHQsmgQqBX1FBUD+nLvPs6vtl5UFS0jR3VTRpLtoehYOss4xIPmgTtykIPC8UU3 B13l3da/Ch/jt7J2IemtNlsxlzGX03W1+aGnPnoIFbhDrhmDXCvwgooIGrp6QoWf8mY4 76qg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gWvd2cK/a+aPDSYxczSg+bD2JoNy/kJCdJRqVr0LsVM=; b=m3jOFHhQ6xXoyzkWNfgTmn471MgfnlEW9m34Q8O9tNxwf6HEFsiqaXaJoR2U+gWAuK CrAGCRhlZCuBtNgsBjjNuEMqlLcT6LcGEvpj01T/rEJr0eYhCV9ftQyKAzrC1sW4/Tu6 zebkk1J2lrE6V5VgCY1DV7a29h8SyFGu2MmTxWI5HSTxBHlOBZvDqlBrIlQ6DMzVpNea WJBqKx3Sg/Wakmi6B4F8KDTuJVbuPwfTHii6Rux5KfeaECxPT8XVYf5MUYOi7nsPDkCN IyEmENv5fQzEitv2eLDQ04y0J/fTY4VniG+sBRbxN6K95tH5MG4fYh9chK7NTUcsZHnT WfQw==
X-Gm-Message-State: APzg51D0lULHBtD+Ns2O/KOHu4Vt7gqMI1G7QGdc3jRme4TJkynMDlyp pOhEgjY3fPaBBYPadmVEoHe3LDV0RW5LgjIljO8fow==
X-Google-Smtp-Source: ANB0VdYrdnRCwJ6Tgc2BlL8w8UE7LfO1XnD6RXx2P8YH/Rnj3rkskvPvhoXsh6oETF0bVh1WX7NPdK7LNVmtd7w4weY=
X-Received: by 2002:aca:f189:: with SMTP id p131-v6mr7868681oih.14.1535725403362; Fri, 31 Aug 2018 07:23:23 -0700 (PDT)
MIME-Version: 1.0
References: <c33184f3-4e64-b7ea-babb-d29e2307f1f3@eff.org> <2a889461-da9e-d3bd-e5a8-688eda61c614@eff.org> <51509028-1939-4851-8BB5-41F94FA146A1@felipegasper.com> <CAL02cgTLEMAMZQicNvXzQrRnGeemrUojmGe_8r=e_YZCNazdsQ@mail.gmail.com> <4C101EA2-5930-4FB1-8574-C4EE4DCCF61B@felipegasper.com>
In-Reply-To: <4C101EA2-5930-4FB1-8574-C4EE4DCCF61B@felipegasper.com>
From: Richard Barnes <rlb@ipv.sx>
Date: Fri, 31 Aug 2018 10:23:12 -0400
Message-ID: <CAL02cgSdMdjfXVyex3v2MapraV1oNijUue2Wz2J1GKm0aDA-xA@mail.gmail.com>
To: Felipe Gasper <felipe@felipegasper.com>
Cc: IETF ACME <acme@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000023ed880574bbef62"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/O-4Da_YRxxJUt2Mwi0cCDTOHxQo>
Subject: Re: [Acme] ACME breaking change: Most GETs become POSTs
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 31 Aug 2018 14:23:26 -0000
To be clear, I'm proposing that the server MUST allow GET for a certificate resource (as well as POST-as-GET). It can protect those GETs with capability URLs if it wants to. On Fri, Aug 31, 2018 at 10:21 AM Felipe Gasper <felipe@felipegasper.com> wrote: > I wonder, then, if it’s worth making it discoverable whether the server > allows a plain GET for a certificate … other than, of course, getting a 405 > back when the client tries to request a certificate via GET. > > -F > > > On Aug 31, 2018, at 10:16 AM, Richard Barnes <rlb@ipv.sx> wrote: > > > > TBH, I'm not averse to allowing GETs for certificate resources. It > seems analogous to allowing them for the directory resource, just on the > opposite side of the process. That is, the directory and certificate > resources are the interfaces between ACME and the outside world, so it > makes sense not to force the outside world into the ACME authentication > model. In the same vein, capability URLs could be sensible here as an > optional protection, since they're an authn model that's easy for the > outside world to use. > > > > In addition, the content of certificate resources is tightly > constrained, so we don't have the problem that we have with the JSON > resources, that a server might add some information that violates privacy > expectations. > > > > So I would propose that we say: > > > > - GETs are allowed for directory, newNonce, and certificate resources > > - Servers MUST still respond to POST-as-GET requests for certificates, > to simplify client logic > > - If a server is concerned about the privacy of certificate resources, > then they SHOULD assign them capability URLs. > > > > I'll be updating the PR to reflect some comments in Github a little > later today, and will incorporate the above unless people think it's awful. > > > > --Richard > > > > On Thu, Aug 30, 2018 at 8:46 PM Felipe Gasper <felipe@felipegasper.com> > wrote: > > > > > > > On Aug 30, 2018, at 7:48 PM, Jacob Hoffman-Andrews <jsha@eff.org> > wrote: > > > > > > (Replying to Felipe's comment from the thread "Re: [Acme] Adam Roach's > Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)") > > > > > > On 08/30/2018 11:17 AM, Felipe Gasper wrote: > > > > Would it work to keep certificate fetches as plain GET? > > > > > > > > In shared hosting environments it’s common for a privileged process > to request certificates on behalf of user accounts. This avoids having > 1,000s of ACME server registrations from a single server. While > certificates are generally made available within seconds, theoretically the > delay between request and issuance could be much longer (e.g., for OV/EV), > such that it might be prudent for that privileged process to give the order > ID to the user and have the user poll for the certificate, e.g., via cron. > > > > > > This use case makes sense, but I think it is not critical enough to > carve out an exception from the "GETs become POSTs" plan. If the ACME > implementation structures certificate fetches such that they are > enumerable, you would wind up again with the same sort of correlation > problem Adam brought up. You could make the certificate URLs unpredictable, > but then you've introduced a notion of capability URLs[1], which breaks the > notion of having a single authentication system for ACME. > > > > I suppose if I have: > > > > GET /order/123/certificate => cert for yin.com > > > > GET /order/124/certificate => cert for yang.com > > > > … then one could surmise (however justifiably) that these two may be > related, so I see the point. > > > > > You could make the certificate URLs unpredictable, but then you've > introduced a notion of capability URLs[1], which breaks the notion of > having a single authentication system for ACME. > > > > I can see that. > > > > > > Thanks for your consideration! > > > > -FG > > _______________________________________________ > > Acme mailing list > > Acme@ietf.org > > https://www.ietf.org/mailman/listinfo/acme > >
- [Acme] ACME breaking change: Most GETs become POS… Jacob Hoffman-Andrews
- Re: [Acme] ACME breaking change: Most GETs become… Jacob Hoffman-Andrews
- Re: [Acme] ACME breaking change: Most GETs become… Adam Roach
- Re: [Acme] ACME breaking change: Most GETs become… Felipe Gasper
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Salz, Rich
- Re: [Acme] ACME breaking change: Most GETs become… Felipe Gasper
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Salz, Rich
- Re: [Acme] ACME breaking change: Most GETs become… Nico Williams
- Re: [Acme] ACME breaking change: Most GETs become… Tim Hollebeek
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Salz, Rich
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Daniel McCarney
- Re: [Acme] ACME breaking change: Most GETs become… Jacob Hoffman-Andrews
- Re: [Acme] ACME breaking change: Most GETs become… Daniel McCarney
- Re: [Acme] ACME breaking change: Most GETs become… Daniel McCarney
- Re: [Acme] ACME breaking change: Most GETs become… Nico Williams
- Re: [Acme] ACME breaking change: Most GETs become… Daniel McCarney
- Re: [Acme] ACME breaking change: Most GETs become… Nico Williams
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Jacob Hoffman-Andrews
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Adam Roach
- Re: [Acme] ACME breaking change: Most GETs become… Eric Rescorla
- Re: [Acme] ACME breaking change: Most GETs become… Jacob Hoffman-Andrews
- Re: [Acme] ACME breaking change: Most GETs become… Adam Roach
- Re: [Acme] ACME breaking change: Most GETs become… Nico Williams
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Felix Fontein
- Re: [Acme] ACME breaking change: Most GETs become… Yaron Sheffer
- Re: [Acme] ACME breaking change: Most GETs become… Jacob Hoffman-Andrews
- Re: [Acme] ACME breaking change: Most GETs become… Richard Barnes
- Re: [Acme] ACME breaking change: Most GETs become… Adam Roach
- Re: [Acme] ACME breaking change: Most GETs become… Salz, Rich
- Re: [Acme] ACME breaking change: Most GETs become… Eric Rescorla
- Re: [Acme] ACME breaking change: Most GETs become… Erica Portnoy
- Re: [Acme] ACME breaking change: Most GETs become… Alan Doherty
- Re: [Acme] ACME breaking change: Most GETs become… Erica Portnoy
- Re: [Acme] ACME breaking change: Most GETs become… Adam Roach
- Re: [Acme] ACME breaking change: Most GETs become… Alan Doherty