Re: [Acme] kinds of proof (was: Re: ACME or EST?)

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 28 November 2014 13:21 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F311F1A00E8 for <acme@ietfa.amsl.com>; Fri, 28 Nov 2014 05:21:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.278
X-Spam-Level:
X-Spam-Status: No, score=-1.278 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FM_FORGED_GMAIL=0.622, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9WRCye89jJ4m for <acme@ietfa.amsl.com>; Fri, 28 Nov 2014 05:21:26 -0800 (PST)
Received: from mail-lb0-x235.google.com (mail-lb0-x235.google.com [IPv6:2a00:1450:4010:c04::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 84DC41A1AFB for <acme@ietf.org>; Fri, 28 Nov 2014 05:21:25 -0800 (PST)
Received: by mail-lb0-f181.google.com with SMTP id 10so5510410lbg.26 for <acme@ietf.org>; Fri, 28 Nov 2014 05:21:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=Xgz7ymyK36viaaT6+5+dobcP+JAaP8H38Y0q0GzLjcQ=; b=WgOW7vDIS4GAQt4RCs772S7TVXa8aRVIWh5lxW7GgW/WHCLIvKJpslPcA+GhXtHpH+ nSenz8M3nmUxaR9OcvzdgwGP1w5kIWOVOhIJdpQVaaGVx2JInr1nmQJ58PGpXuE2ZKXu AVrAB1RiPakJ2S4iueUAHz4CwpVUyCG4nMPa2DjTwqQVxPEwwKO/79sBfLLeJjA1iNiO XzCDJg+N60YVEMsiJHHoJHdrIRFNjldNx1sqmet9+9SzHGwbQTuy0BZ+Ftlu8GTNqNyn J1luAX14DZN6k4GdlJpTAZJsB27GosXz4xkZeq3ciJizPDyanguOA22MdSH2hn35i8LL HPmw==
MIME-Version: 1.0
X-Received: by 10.112.160.137 with SMTP id xk9mr1334371lbb.99.1417180883993; Fri, 28 Nov 2014 05:21:23 -0800 (PST)
Sender: hallam@gmail.com
Received: by 10.112.34.212 with HTTP; Fri, 28 Nov 2014 05:21:23 -0800 (PST)
In-Reply-To: <54784C61.2080508@cs.tcd.ie>
References: <AD5940AA-6F01-4D0E-A4E0-19AEA56BBED3@vpnc.org> <CAL02cgTgpjQffow2XuaNuT7BtqYVttXdVUgyqBFbsAbN4g0VzQ@mail.gmail.com> <DEC7A8A8-563D-41B3-94AC-71DC7219D3F8@cisco.com> <m27fyg4yzg.wl%randy@psg.com> <547754C0.9050306@cs.tcd.ie> <20141127211348.GE25114@mournblade.imrryr.org> <54784C61.2080508@cs.tcd.ie>
Date: Fri, 28 Nov 2014 08:21:23 -0500
X-Google-Sender-Auth: 0W_h5YL2OSM77IaSTfOeyY8ZZxU
Message-ID: <CAMm+Lwie_iO0T95KahpJATpoR39dHRycAy_1ewA9ZAn9-eiQ_A@mail.gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset=UTF-8
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/Oi0lUkKb7QCP-HAB_IT4SVtc4QA
Cc: "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] kinds of proof (was: Re: ACME or EST?)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Nov 2014 13:21:27 -0000

It is not clear to me that the form of the proof needs to be hard
coded into the enrollment protocol. It should certainly be possible to
layer in additional validation steps to support stronger validation.

On Fri, Nov 28, 2014 at 5:20 AM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
> changing subject line to the interesting bit...
>
> On 27/11/14 21:13, Viktor Dukhovni wrote:
>> I agree that the wire format (syntax) is less important than the
>> feature set (semantics).  In particular, there I'd like to see some
>> discussion of what kind of "proofs of control" should be acceptable
>> with a lights-out DV certification authority.
>
> Yep. Fully agree about DV. But DV isn't the only kind of
> validation I'd like to be supported here.
>
> I'd like if it were possible to extend that to include cases
> where one has control over the web server, but not the DNS.
>
> Now there are dangers in that so I'm not sure if it's really
> doable, but I've controlled web servers below tcd.ie for years
> (e.g. [1]), without any control over DNS, and I'd like to be
> able to do better than self-signed out of the box there too.
>
> The current spec [2] seems to allow for that via the "provision
> a file on the web server" method, but the details of that
> ("simpleHttps" I guess?) aren't clear. I'm also not sure of
> the security implications, which could be a killer (for having
> key authorization depend on this mechanism alone) so I'm sure
> there's work to be done there.
>
> But I'd very much like to just update apache on my servers
> and have that go get certs that work.
>
> S.
>
> [1] https://down.dsg.cs.tcd.ie/yesicanrichard.txt
> [2]
> https://github.com/letsencrypt/acme-spec/blob/master/draft-barnes-acme.md
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme