IETF Logo Mail Archive

Re: [Acme] On multiple CAs and contact-based recovery

Richard Barnes <rlb@ipv.sx> Thu, 24 March 2016 15:23 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8761912DCC9 for <acme@ietfa.amsl.com>; Thu, 24 Mar 2016 08:23:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zBvfK3dJWi0e for <acme@ietfa.amsl.com>; Thu, 24 Mar 2016 08:23:08 -0700 (PDT)
Received: from mail-vk0-x232.google.com (mail-vk0-x232.google.com [IPv6:2607:f8b0:400c:c05::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3B09512DC33 for <acme@ietf.org>; Thu, 24 Mar 2016 08:07:19 -0700 (PDT)
Received: by mail-vk0-x232.google.com with SMTP id e6so62531723vkh.2 for <acme@ietf.org>; Thu, 24 Mar 2016 08:07:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=SO3/LZu1F7BBYXsIkstdxdjZfhYLj6cfnLobgwb632E=; b=seBjNkGoOEGup3EUfh28sQAuz3MWOasU/R72mWJc1DwWZRWHTWCK5ul3h6FokvGN2y VHkC7nnjWg9Kq2mPDT84Ec/coqFDdXo6Rdr5HaBzjdwMDcgrdA8DAUdX+tx47jB4XfS9 SeuNwMkwsWEzXGNF8fEOJXY9MLwDZ+OOSDNlxRWhUPaScPqPzEXJ9ye7tlCEfKlm3If9 J3MKsDvaO5s5UV+kxyz304mbLLB1AMH1JiqPAtqM1bvnaRjWa3HzSc3JzYghKSIxMMZV qT/AQ+m6DjyGeOOK1jJNVT+SFMYYjxSjMhpDOwLkEZTKr7uAYXwXfUwMNtFQZSDNODjn F7Aw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=SO3/LZu1F7BBYXsIkstdxdjZfhYLj6cfnLobgwb632E=; b=ihaVBh080q46CKS1slYYE+auajQxpcOL/5fZjDbBpygVBfwa7pPejN9eIX2ik2GOd/ SXxzkg5UDUC398h8R4I7HzlQa47m7k4bjnztTRdy2myuogkiPHTDzUfP+wqrtSvyFt6E 9dBgJNXrKNw+MwEaa4Q2SEE+Qnf6/RBgu07gCCpX881eQhrGbwkg1SZWYXWVMAjHoJ7m 0/Bx4Nr8XfgToX2walSwqvjgtZWjbyK3TT4zqGUmalceEwqsc9i4SGWQwFnT7mYeYu6w QCroOZyUa+UDKtwXu4wuUm6eR3dAjxv9rwpwQvd64/GP2fHdNGYgIxAkVSphvJXegrQA KMuQ==
X-Gm-Message-State: AD7BkJIuVj6cHNriXA+BIbeFKgoyo2vfp5gM7nLE3wCmUfnv5alVcndijGrDe2jFIxOuZq9UVtm4FFqEBN4C8A==
MIME-Version: 1.0
X-Received: by 10.31.8.205 with SMTP id 196mr4859975vki.144.1458832028730; Thu, 24 Mar 2016 08:07:08 -0700 (PDT)
Received: by 10.31.151.85 with HTTP; Thu, 24 Mar 2016 08:07:08 -0700 (PDT)
In-Reply-To: <20160324094240.GJ15641@hex.shelbyville.oz>
References: <B594A7FA-1F8B-489C-8A7D-328BCD60C79A@inria.fr> <CABkgnnVL2z1vR_ii_+0C0jwU9DVW8NWe5FsAbC3P_-o1V2sjEQ@mail.gmail.com> <20160324094240.GJ15641@hex.shelbyville.oz>
Date: Thu, 24 Mar 2016 11:07:08 -0400
Message-ID: <CAL02cgTVLQMWWbBpMSeOrFte+bdmDuoQNCUk2akOquFLJ2xFhw@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Ron <ron@debian.org>
Content-Type: multipart/alternative; boundary="001a1144f912dc1d7a052ecccc92"
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/PMXLxs6sk_0c6eIXRk3CV-ZXqjA>
Cc: Karthik Bhargavan <karthikeyan.bhargavan@inria.fr>, "acme@ietf.org" <acme@ietf.org>, Martin Thomson <martin.thomson@gmail.com>
Subject: Re: [Acme] On multiple CAs and contact-based recovery
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Mar 2016 15:23:13 -0000

On Thu, Mar 24, 2016 at 5:42 AM, Ron <ron@debian.org> wrote:

> On Thu, Mar 24, 2016 at 04:45:06PM +1100, Martin Thomson wrote:
> > On 24 March 2016 at 09:33, Karthik Bhargavan
> > <karthikeyan.bhargavan@inria.fr> wrote:
> > > Emails with clickable links are *BAD*; we should enhance their
> security by
> > > linking them better with
> > > the ACME account key.
> >
> > FWIW, I think that a clickable link could be possible, it just
> > wouldn't be able to point to the server.  If, as you suggest, the
> > point is to give the ACME client a fresh secret, then the link could
> > be changed from:
> >
> > https://acme.server.example/recover/<secret>
> >
> > to
> >
> > acme:recover:<secret>
>
> Personally, I like the idea of moving best practice away from clickable
> links in plaintext email ...
>
> But if integration with existing email infrastructure is desirable,
> the other option to consider there might be PGP/MIME.
>
> The downside is you add yet another key to manage and all the things
> which come with that.
>
> The upsides are, we get to reinvent fewer wheels, we can have end to
> end security for the email exchange (to the point where the entire
> exchange could be a signed and encrypted reply to the challenge email),
> and the 'exceptional' recovery mechanism requires proof of ownership
> of a key which can be kept entirely separate from the normal 'day to
> day' use of an acme client - and which might be more likely to be
> protected by a strong passphrase than the keys used for automated
> acme renewals.
>
> (maybe the reason I lost my account key and need to recover is that
> someone broke in and stole the machine it was on, so having something
> which can trump that to let me recover and revoke it does seem like a
> desirable thing in its own right - but that then poses the problem of
> what proof do I need to show to securely change my trump card ...)
>
> In theory, the server and client keys could also be cross-signed,
> but that probably doesn't scale to having 7 billion signatures on
> the server key :)
>
> All the client would need to do is publish their PGP key on a keyserver
> and add the fingerprint of that key as part of their contact details.
>
>
> But that said, I do also like the simplicity of making this congruent
> with the account roll-over process.
>
>
> > Most operating systems understand how to invoke local software in
> > response to that and your proposed flow behaves much the same from a
> > user perspective.
> >
> > That isn't *as* good as your proposal, I don't think, but it might
> > have some usability advantages.
>
> The main downside I see to this, is that if I need to fully automate
> the acme client to perform certificate renewals every few weeks,
> then it's unlikely to be running on the same machine where I read
> email.
>

I think it's safe to say that any system which is designed to support
re-validation with any frequency cannot involve email.

However, note that ACME supports renewal of certificates without
re-validation.

--Richard


>
> Ideally it's going to be running in a sandbox that has very limited
> access to or from anything but the acme server, the machines where
> certificates need to be deployed, and the people who are authorised
> to administer it.
>
> If I was going to add a way to allow people to perform admin actions
> on it via email, it probably would be by having them send PGP signed
> control messages to it ...
>
>   Ron
>
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>

v2.23.0 | Report a Bug | By Email