[Acme] Revoking certificates issued by an unknown ACME server

Hugo Landau <hlandau@devever.net> Thu, 14 January 2016 15:27 UTC

Date: Thu, 14 Jan 2016 15:27:47 +0000
From: Hugo Landau <hlandau@devever.net>
To: acme@ietf.org
Message-ID: <20160114152747.GA28898@andover>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/UNCH86fmBaE8ceRxWTHvQng_bYM>

So while implementing revocation in my ACME client, I came to the
following problem: how do you know which ACME server issued a
certificate?

Given an ACME server URL, one can obtain a certificate, but there is no
reliable way to do the reverse.

If you think about it, it might be desirable to be able to revoke a
certificate possessing nothing but the certificate. For example, suppose
you identify a misissued certificate for a domain you control. Under the
current ACME protocol, if you can prove control of that domain, you can
revoke the certificate; however, this requires you to know what server
issued it.

Not sure what the good solutions to this are. One would be to include
the directory URL as an X.509 or OCSP extension, though that bloats the
certificate/response. Another might be to reuse the OCSP responder URL,
so that given an OCSP endpoint, one can obtain the ACME server URL, or
at least one suitable for revocation.

Something like:

  Normal OCSP Request:
  GET http://ocsp.example.com/ocsp/MFMwUTBPME0wSzAJ

  Revocation Location OCSP Request:
  GET http://ocsp.example.com/ocsp/acme-revoker/MFMwUTBPME0wSzAJ

  302 Found
  Location: https://acme-staging.letsencrypt.org/directory

Thoughts?

Hugo Landau
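The client side of the redirect scheme proposed above, as an added example that is not part of the original post or of any ACME implementation: it derives the "acme-revoker" URL from a certificate's OCSP responder URL, issues the request without blindly following redirects, and accepts the directory URL only if the 302 points at https. The OCSP responder URL (in practice read from the certificate's AIA extension), the OCSP request token and the localhost responder are constructed stand-ins.

```python
import base64
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.parse import urlsplit, urlunsplit
from urllib.request import HTTPRedirectHandler, build_opener

# Constructed stand-in for the base64url OCSP request that a GET-style OCSP
# request carries in its path; the proposal reuses it under /acme-revoker/.
OCSP_REQUEST_TOKEN = base64.urlsafe_b64encode(b"constructed-ocsp-request").decode()

def revoker_url(ocsp_responder_url, ocsp_request_token):
    """Derive the proposed 'acme-revoker' URL from the cert's OCSP responder URL."""
    parts = urlsplit(ocsp_responder_url)
    path = parts.path.rstrip("/") + "/acme-revoker/" + ocsp_request_token
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))

class _NoFollow(HTTPRedirectHandler):
    """Surface the 302 instead of following it, so the target is checked first."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None

def discover_directory(revoker_request_url):
    """Return the ACME directory URL from a 302, or None if absent/unacceptable.

    Only an https:// Location is accepted: the directory is where the client
    will authenticate and submit the revocation, so a plain-http target learned
    over an unauthenticated OCSP channel must not be trusted.
    """
    try:
        build_opener(_NoFollow).open(revoker_request_url, timeout=5)
    except HTTPError as err:  # urllib raises for the unfollowed 3xx
        location = err.headers.get("Location", "")
        if err.code == 302 and urlsplit(location).scheme == "https":
            return location
    return None

class _Responder(BaseHTTPRequestHandler):
    """Constructed OCSP responder implementing the proposed redirect (demo only)."""
    DIRECTORY = "https://acme-staging.letsencrypt.org/directory"
    def do_GET(self):
        is_revoker = "/acme-revoker/" in self.path
        self.send_response(302 if is_revoker else 200)
        if is_revoker:
            self.send_header("Location", self.DIRECTORY)
        self.end_headers()
    def log_message(self, *args):
        pass

def run_demo():
    """Start the constructed responder on localhost and discover the directory URL."""
    srv = HTTPServer(("127.0.0.1", 0), _Responder)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:  # a real client takes the responder URL from the certificate's AIA extension
        responder = f"http://127.0.0.1:{srv.server_port}/ocsp"
        return discover_directory(revoker_url(responder, OCSP_REQUEST_TOKEN))
    finally:
        srv.shutdown()
```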