IETF Logo Mail Archive

Re: [Acme] Revisiting Proactive Issuance & new-order CSR

Daniel McCarney <cpu@letsencrypt.org> Wed, 08 November 2017 14:05 UTC

Return-Path: <dmccarney@letsencrypt.org>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E5D61127010 for <acme@ietfa.amsl.com>; Wed, 8 Nov 2017 06:05:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=letsencrypt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id q9x47_56pouM for <acme@ietfa.amsl.com>; Wed, 8 Nov 2017 06:05:18 -0800 (PST)
Received: from mail-it0-x22d.google.com (mail-it0-x22d.google.com [IPv6:2607:f8b0:4001:c0b::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F3973126C3D for <acme@ietf.org>; Wed, 8 Nov 2017 06:05:17 -0800 (PST)
Received: by mail-it0-x22d.google.com with SMTP id u132so3355689ita.0 for <acme@ietf.org>; Wed, 08 Nov 2017 06:05:17 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=letsencrypt.org; s=google; h=mime-version:reply-to:in-reply-to:references:from:date:message-id :subject:to:cc; bh=jckIeVo39ZlHxjx88TRkNjVggyZsO4ljyu+wkXWqYx0=; b=cJlQ0nKVXHhknEV9Ug1E8QZ1JFg/P+epbsVbtVH36bEtLTAk6iZPEeWtPUUp8bhJD0 t/ca/ERtMphRzYEjgB6ciqPLwLXY/CjguDTsJbNvSOMaUZY+lnJtqQvPv77Po84JBQ2Q ehKiB5zGKchnGzSnY3dS4YJL5oOnhK1Tq+3ww=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:reply-to:in-reply-to:references :from:date:message-id:subject:to:cc; bh=jckIeVo39ZlHxjx88TRkNjVggyZsO4ljyu+wkXWqYx0=; b=t4rY0Fxj0ILQFWO5TDGDl7O0gbl8R3SHwbsZcXlpG5N2YK5Qmi2bfYo972cmjvfoY0 BzjZsCrgvmrNzUz3GmsKVChXKYOJhlzL7Cs9hnjC2xi61m566/RDLo2FO19YUqY/GnwY c+mmzN9rMV4hoiH+AStsvgqPbkYGwuMjdpZHCI//eoYu9oNsMVEtJ8WzYivZkKkupH7K caH09U0uvebX5TSwDkWOKScG/hjHg8A2ComhOwQtWBzhoI3OHiFbVhDpgtDX18NIQTOk 9/j3lFacXLIsZucnEAUjDmVMBC/pcZjr8UN6/0j/S0Gj6w4ETamAJOD529A2RQNG93TU FulQ==
X-Gm-Message-State: AJaThX6Q2b5yHF3lJ+vo6mIJCZG/Jdt+MA5ppvMTu1xx/lp9mpnpHJT8 2SuaUy8svvGoQigRsWSEnaQEpt6rumcNRZ11SH1LpQ==
X-Google-Smtp-Source: ABhQp+R9s9czJmBKQEyAJjLAHFonARtQvFS6iQ2532LP4AegslDV4qFVUg86QOCz42V0+0QG5Wy8d7WeH5rhfVRsV18=
X-Received: by 10.36.215.67 with SMTP id y64mr753617itg.145.1510149917251; Wed, 08 Nov 2017 06:05:17 -0800 (PST)
MIME-Version: 1.0
Reply-To: cpu@letsencrypt.org
Received: by 10.107.88.21 with HTTP; Wed, 8 Nov 2017 06:05:16 -0800 (PST)
In-Reply-To: <20171102161833.pqxnd6ql22k4qiul@LK-Perkele-VII>
References: <71f3e975-7cee-18cf-2635-80eb13adff12@devever.net> <20171024141732.ufjysx5f73pyc5f4@LK-Perkele-VII> <CAKnbcLgsF6WdVkG=Xt0UCxh6ud6YRVh7RtENi_fcR-Z55j-htA@mail.gmail.com> <CAL02cgRj1DMQ6RH2KvZ6J68USqdE4YYKr6ZsUMyTSu2Mui4x6w@mail.gmail.com> <CAKnbcLjF0xrHXkpQ47dE=CrHNTmCXpPUq5=492DSZDzQpmCkCA@mail.gmail.com> <CAL02cgQT8WqST4xnJvJdXhtag_YeeQbJW4Uh=Sgg2CN90AVfvg@mail.gmail.com> <63029bbd-a9d5-0f30-718a-8d78f76a8e82@eff.org> <CAKnbcLiwUYR6XRL3dwvbNszAQ6xCeVCHXs4QtGtGrdwb+yj3iw@mail.gmail.com> <CAL02cgQOf+MB1eTXu6St3ZB6nJoqFqoDP-Yi5a=yC-7Pai-kRw@mail.gmail.com> <CAKnbcLiGp0RTr1CoZY1eKX71OWdiKZin6NXLcN_Boa-a-EfVNg@mail.gmail.com> <20171102161833.pqxnd6ql22k4qiul@LK-Perkele-VII>
From: Daniel McCarney <cpu@letsencrypt.org>
Date: Wed, 08 Nov 2017 09:05:16 -0500
Message-ID: <CAKnbcLjt+1PK=5gRgfhkSvOyBhPBFHjMNFncq3N8YdVPg+KvRQ@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: Richard Barnes <rlb@ipv.sx>, Brad Warren <bmw@eff.org>, Hugo Landau <hlandau@devever.net>, IETF ACME <acme@ietf.org>
Content-Type: multipart/alternative; boundary="94eb2c0b05a4602779055d792d92"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/RgpRxf0Qk-lBnePdsCVpNHlT-Y8>
Subject: Re: [Acme] Revisiting Proactive Issuance & new-order CSR
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 Nov 2017 14:05:20 -0000

Hi Ilari,

I guess if you find any use for the key at all depends on if authorizations
> are order-scoped or account-scoped.


See this follow-up thread[0] - it seems like "scope" on orders is
unnecessary & confusing. I vote it be removed and Richard Barnes seems to
be supportive of that.

There is at least one method in "10 methods" that absolutely requires the
> key to be known (number 9). Also, if the variant of the validation method
> uses the key, it does not seem safe to reuse it for different key.


Can you cite the specific challenge method you mean (or the section of the
baseline requirements) - I don't know which specific validation method
you're referring to.

More broadly: ACME defines a number of validation challenge methods. It
does not define a validation method based on using the public key from a
CSR. Using unspecified challenge types as an argument for why the CSR
should be submitted early doesn't seem very convincing to me.

What is the rationale for needing such a challenge type?
What problems does this challenge type resolve that are not resolved by the
current challenge types?
Do you or any other ACME servers have interest in specifying & implementing
such a challenge type?

I'm extremely hesitant to make design decisions based on allowing for very
open-ended features in the future when there isn't a strong case for the
feature or any established interest in implementing & shipping it.

If orders can live over 8 hours, then one MUST be prepared to take rejection
> at finalization anyway. Because even if CAA was checked at  authorization
> creation, it might have been changed and consequently fail the recheck.


Yes, this is something I mentioned in my reply[1] to one of your earlier
messages as well as in my reply to Brad Warren[2].

- Daniel / cpu


[0] - https://mailarchive.ietf.org/arch/msg/acme/wkQH2AqypoGnByiuCfYgq2UI3nI

[1] - https://mailarchive.ietf.org/arch/msg/acme/
KEB3sLRswTT3m_XIbZSW52r3lxM/?qid=abcabbc372443fbe31c952558aa3392f
[2] - https://mailarchive.ietf.org/arch/msg/acme/-uamQ4SPkxHR_eschpBSqkG1-yE

On Thu, Nov 2, 2017 at 12:18 PM, Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Thu, Nov 02, 2017 at 10:29:58AM -0400, Daniel McCarney wrote:
>
> >
> > I understand that these corner cases aren't a super convincing line of
> > argument, but I also don't think a slight preference for double CSR
> > strictly because it allows delivering a public key rejection error
> slightly
> > earlier in the order flow is a very convincing argument either. Does
> > someone have something stronger in mind?
>
> I guess if you find any use for the key at all depends on if
> authorizations are order-scoped or account-scoped.
>
> If authorizations are order-scoped, then the keys could be used for
> additional validation methods... There is at least one method in "10
> methods" that absolutely requires the key to be known (number 9).
> Also, if the variant of the validation method uses the key, it does
> not seem safe to reuse it for different key.
>
> If orders can live over 8 hours, then one MUST be prepared to take
> rejection at finalization anyway. Because even if CAA was checked at
> authorization creation, it might have been changed and consequently
> fail the recheck.
>
>
> -Ilari
>

v2.23.0 | Report a Bug | By Email