Re: [Acme] Signature misuse vulnerability in draft-barnes-acme-04

Andrew Ayer <> Wed, 12 August 2015 23:04 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 89DCB1B29D5 for <>; Wed, 12 Aug 2015 16:04:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qNgmrr__1Vr9 for <>; Wed, 12 Aug 2015 16:04:06 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 43F7D1A904E for <>; Wed, 12 Aug 2015 16:04:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=alcazar2; t=1439420645; bh=gA3g6gmqZmbApVRfvv29udYtNP5yhS2PVY0y0GkW6v0=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=AeFQlgNq/aaOfBdnr5JyE5W/3uSu59ZueJ4GWlsU+foZ+KSwJyKMqcV4mdWwZIgcf gaR8G20DUFO2Lt6qytmJJQZiPNK7DJ7YIdExXsmTywsalJDOJCzbzDT3LjE16S+G3N i3QySVO0sdU7Wu6utZblJP1LbCDS/H4yHNLRSz42B2wp4HdlEDmwGjakQO05TU3fLq uYOldq7Kme84XeWlxiJT//OOUl7VlhNfXb7gbhdZ37M2J6Rd/gPywjxHYLF2dNu0OB wfQyqIuu/7DY/xV4pCxcDvSyaXjRvjUM4iCspgWLnivgPkpO7I3DQCPL6w6EHiaZ+e CV68qlXsZ33Gw==
Date: Wed, 12 Aug 2015 16:04:05 -0700
From: Andrew Ayer <>
To: Richard Barnes <>
Message-Id: <>
In-Reply-To: <>
References: <> <>
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Archived-At: <>
Cc: "" <>
Subject: Re: [Acme] Signature misuse vulnerability in draft-barnes-acme-04
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 12 Aug 2015 23:04:09 -0000

On Tue, 11 Aug 2015 22:52:05 -0700
Richard Barnes <> wrote:

> I'm not 100% sure I agree that there are non-trivial cases where RSA
> allows one to find a key that will verify a given (message, signature)
> pair.  (I would note, however, that you don't even need to find the
> modular inverse d of e -- you just need n and e such that s^e == m mod
> n.)  It's even less clear for ECDSA.  I'm not sure we even need to get
> a clear answer to that question, though.  There are protocol ways to
> hack around it, as you suggest.

Thanks to Trevor Perrin, I now know that this attack is called
"duplicate-signature key selection," and found a paper which presents
a general way to construct a non-trivial RSA key (pages 4-5):

It also presents an attack with ECDSA, though it depends on the
attacker picking their own base point, and I believe that the
commonly-used curves (P-256, P-384, and so on) specify a fixed base

> I think you're on the right track that we really should just not use
> signatures here.  I had added those in response to concerns about a
> CDNs in front of the ACME server, but in retrospect, they're solving
> the wrong problem.  The risk posed by a CDN is that it swaps the keys
> out, much like this situation.  So it's enough for the statement by
> the domain owner (i.e., the validation object) to include an
> indication of which account key he intends to authorize.
> This actually adds some symmetry to the challenges.  I had thought
> that proofOfPossession seemed like the odd one out, since the account
> key was being signed instead of doing the signing.  Your observation
> that the domain holder needs to assert the key basically says that the
> other challenges should follow the proofOfPossession model and have
> the domian owner make a statement about the account key.  It's just
> that in the other cases, the authenticity of the statement won't be
> shown with a signature, but with its being provisioned in a particular
> place.


> We will probably want to bind some more stuff into the validation
> object besides the public key, though, in order to bound replay
> opportunities.  At the very least, there needs to be a token that the
> CA can use to associate the validation object with things like which
> identifier is being authorized, and what type of challenge it goes
> with (to prevent replay for different domains, or in different
> channels).

I may be overlooking something, but I'm skeptical of the value of
including extra information.  If an attacker can replay a validation
object for another domain or in the context of a different challenge,
that means the attacker effectively controls that domain/validation
channel, and can just contact the ACME server, start a new challenge,
and complete it "normally" without any need for replays.

> In light of the above, ISTM that the right tactical move is probably
> to define a standard validation object that many challenges can use.
> Then the proofOfPossession challenge can sign the validation object,
> and the "put it here" challenges can provision a digest of the
> validation object.

That seems like a great way to simplify the protocol.  On the other
hand, Jacob's /.well-known/certificate/acme-account-keys.json idea is
also quite nice.