Re: [Acme] Signature misuse vulnerability in draft-barnes-acme-04

Andrew Ayer <agwa@andrewayer.name> Wed, 12 August 2015 23:04 UTC

Return-Path: <agwa@andrewayer.name>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 89DCB1B29D5 for <acme@ietfa.amsl.com>; Wed, 12 Aug 2015 16:04:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qNgmrr__1Vr9 for <acme@ietfa.amsl.com>; Wed, 12 Aug 2015 16:04:06 -0700 (PDT)
Received: from alcazar.beanwood.com (alcazar.beanwood.com [70.85.129.230]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43F7D1A904E for <acme@ietf.org>; Wed, 12 Aug 2015 16:04:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=andrewayer.name; s=alcazar2; t=1439420645; bh=gA3g6gmqZmbApVRfvv29udYtNP5yhS2PVY0y0GkW6v0=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=AeFQlgNq/aaOfBdnr5JyE5W/3uSu59ZueJ4GWlsU+foZ+KSwJyKMqcV4mdWwZIgcf gaR8G20DUFO2Lt6qytmJJQZiPNK7DJ7YIdExXsmTywsalJDOJCzbzDT3LjE16S+G3N i3QySVO0sdU7Wu6utZblJP1LbCDS/H4yHNLRSz42B2wp4HdlEDmwGjakQO05TU3fLq uYOldq7Kme84XeWlxiJT//OOUl7VlhNfXb7gbhdZ37M2J6Rd/gPywjxHYLF2dNu0OB wfQyqIuu/7DY/xV4pCxcDvSyaXjRvjUM4iCspgWLnivgPkpO7I3DQCPL6w6EHiaZ+e CV68qlXsZ33Gw==
Date: Wed, 12 Aug 2015 16:04:05 -0700
From: Andrew Ayer <agwa@andrewayer.name>
To: Richard Barnes <rlb@ipv.sx>
Message-Id: <20150812160405.b824b673ad9b139a4fd9446f@andrewayer.name>
In-Reply-To: <CAL02cgRf2M0Gkqymif-=rmNG0v9hhaMC2SBiXf-n5aYiRKBnmQ@mail.gmail.com>
References: <20150811085205.bbcd37b3b0bb0482f6522b1a@andrewayer.name> <CAL02cgRf2M0Gkqymif-=rmNG0v9hhaMC2SBiXf-n5aYiRKBnmQ@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/W06WigXlNMoZSB6EvuS0O8-kps0>
Cc: "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] Signature misuse vulnerability in draft-barnes-acme-04
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Aug 2015 23:04:09 -0000

On Tue, 11 Aug 2015 22:52:05 -0700
Richard Barnes <rlb@ipv.sx>; wrote:

> I'm not 100% sure I agree that there are non-trivial cases where RSA
> allows one to find a key that will verify a given (message, signature)
> pair.  (I would note, however, that you don't even need to find the
> modular inverse d of e -- you just need n and e such that s^e == m mod
> n.)  It's even less clear for ECDSA.  I'm not sure we even need to get
> a clear answer to that question, though.  There are protocol ways to
> hack around it, as you suggest.

Thanks to Trevor Perrin, I now know that this attack is called
"duplicate-signature key selection," and found a paper which presents
a general way to construct a non-trivial RSA key (pages 4-5):

http://eprint.iacr.org/2011/343

It also presents an attack with ECDSA, though it depends on the
attacker picking their own base point, and I believe that the
commonly-used curves (P-256, P-384, and so on) specify a fixed base
point.

> I think you're on the right track that we really should just not use
> signatures here.  I had added those in response to concerns about a
> CDNs in front of the ACME server, but in retrospect, they're solving
> the wrong problem.  The risk posed by a CDN is that it swaps the keys
> out, much like this situation.  So it's enough for the statement by
> the domain owner (i.e., the validation object) to include an
> indication of which account key he intends to authorize.
> 
> This actually adds some symmetry to the challenges.  I had thought
> that proofOfPossession seemed like the odd one out, since the account
> key was being signed instead of doing the signing.  Your observation
> that the domain holder needs to assert the key basically says that the
> other challenges should follow the proofOfPossession model and have
> the domian owner make a statement about the account key.  It's just
> that in the other cases, the authenticity of the statement won't be
> shown with a signature, but with its being provisioned in a particular
> place.

Exactly.

> We will probably want to bind some more stuff into the validation
> object besides the public key, though, in order to bound replay
> opportunities.  At the very least, there needs to be a token that the
> CA can use to associate the validation object with things like which
> identifier is being authorized, and what type of challenge it goes
> with (to prevent replay for different domains, or in different
> channels).

I may be overlooking something, but I'm skeptical of the value of
including extra information.  If an attacker can replay a validation
object for another domain or in the context of a different challenge,
that means the attacker effectively controls that domain/validation
channel, and can just contact the ACME server, start a new challenge,
and complete it "normally" without any need for replays.

> In light of the above, ISTM that the right tactical move is probably
> to define a standard validation object that many challenges can use.
> Then the proofOfPossession challenge can sign the validation object,
> and the "put it here" challenges can provision a digest of the
> validation object.

That seems like a great way to simplify the protocol.  On the other
hand, Jacob's /.well-known/certificate/acme-account-keys.json idea is
also quite nice.

Regards,
Andrew