Re: [Acme] [Technical Errata Reported] RFC8555 (6950)
Thomas Lußnig <lussnig@suche.org> Fri, 05 January 2024 20:17 UTC
Return-Path: <lussnig@suche.org>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B043FC14F5F4 for <acme@ietfa.amsl.com>; Fri, 5 Jan 2024 12:17:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.906
X-Spam-Level:
X-Spam-Status: No, score=-6.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7bMqVowooVc5 for <acme@ietfa.amsl.com>; Fri, 5 Jan 2024 12:17:11 -0800 (PST)
Received: from mx-33.smcc.net (mx-33.smcc.net [193.23.177.33]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3673EC14F5F1 for <acme@ietf.org>; Fri, 5 Jan 2024 12:17:08 -0800 (PST)
Received: from [192.168.0.243] (i5C755BC5.versanet.de [92.117.91.197]) by mx-34.smcc.net (Postfix) with ESMTPSA id 3DA561FF0EE for <acme@ietf.org>; Fri, 5 Jan 2024 20:17:05 +0000 (UTC)
Authentication-Results: mx-34.smcc.net; auth=pass smtp.auth=lussnig@suche.org smtp.mailfrom=lussnig@suche.org
Content-Type: multipart/alternative; boundary="------------nj1JXQw1WAamYIdjQBZqr7YY"
Message-ID: <d3a6eec1-bada-4928-af13-e1d2a1180a39@suche.org>
Date: Fri, 05 Jan 2024 21:17:04 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: acme@ietf.org
References: <20220502083134.BDA48E5311@rfcpa.amsl.com> <CAGgd1OeY01bGe+mgNo-UjjcFyYKGVLaBPgDFOJG1dusE+R9m-Q@mail.gmail.com> <CAGgd1OetWp7k-dbRTNr4XT3K+seZGsWgO2rsMghYhXTefy+SJA@mail.gmail.com> <145154801.12995201.1704458497262@mail.yahoo.com> <CAGgd1OceuyVxeudN9UKnmPNZbU7iE1M6EEHj1o8Ofb-ATyyY-A@mail.gmail.com>
Content-Language: de-DE, en-US
From: Thomas Lußnig <lussnig@suche.org>
In-Reply-To: <CAGgd1OceuyVxeudN9UKnmPNZbU7iE1M6EEHj1o8Ofb-ATyyY-A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/WcaKZVwdS1dyEcazusH0zxnMN_Q>
Subject: Re: [Acme] [Technical Errata Reported] RFC8555 (6950)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jan 2024 20:17:17 -0000
Hi, i can not see any reason for changing the text. At least 128 bit entropy is clear defined. For example byte[16] buf; fillrandom(buf) token = base64encode(buf) I would se more importance to define the upper Limit. Because missing checks for upper limit of the string can cause more harm via buffer overflow than few bits less entropy because someone is not using the full alphabet. You can also not control that not base64encode(ISO-Date-String) is done. Gruß Thomas On 05.01.2024 13:48, Deb Cooley wrote: > My question to you would be: which RFC will make the most impact? > Seems like your comments weren't really targeted at ACME per se, but > at how to measure entropy using Base64 encoding? I have not read RFC > 4086 closely, but an RFC like that would impact all of them. > > Just my thoughts... > Deb Cooley > > On Fri, Jan 5, 2024 at 7:43 AM <lloyd.wood@yahoo.co.uk> wrote: > > Thanks for that. > > Well, I stand by my detailed comments of (checks dates) two years > ago. Which I had forgotten I ever even made! > > I know, covid and all, but lately in the past few years I’ve > been sensing a vibe of why-even-bother-submitting errata anyway. > (and sitting in a Tokyo airport transit lounge, heavily jetlagged, > is really not the place for me to do any detailed analysis.) > > Perhaps reframing it as some security concern, since > entropy, might prompt wider review? security types are quite keen > on this stuff, and do tend to like rigour in specifications to > close off implementation misunderstandings loopholes. > > best > > Lloyd Wood > lloyd.wood@yahoo.co.uk > > On Friday, January 5, 2024, 21:14, Deb Cooley > <debcooley1@gmail.com> wrote: > > I did some reading, some consulting, and some pondering. I > want to reject this errata. > > 1. The original paragraph: > > token (required, string): A random value that uniquely identifies > the challenge. This value MUST have at least 128 bits of entropy. > It MUST NOT contain any characters outside the base64url alphabet > and MUST NOT include base64 padding characters ("="). See > [RFC4086] for additional information on randomness requirements. > > In my opinion this is sufficient. It specifies how much entropy (w/ a ref), and specifies what cannot be included (padding, non-base54 characters). > > Let me know if you have other thoughts. > > Deb > > > On Thu, Jan 4, 2024 at 7:41 AM Deb Cooley > <debcooley1@gmail.com> wrote: > > opinions? Does entropy have to be measured as a base64 > encoded value? > > Deb > > On Mon, May 2, 2022 at 4:31 AM RFC Errata System > <rfc-editor@rfc-editor.org> wrote: > > The following errata report has been submitted for > RFC8555, > "Automatic Certificate Management Environment (ACME)". > > -------------------------------------- > You may review the report below and at: > https://www.rfc-editor.org/errata/eid6950 > > -------------------------------------- > Type: Technical > Reported by: Lloyd Wood <lloyd.wood@yahoo.co.uk> > > Section: GLOBAL > > Original Text > ------------- > token (required, string): A random value that > uniquely identifies > the challenge. This value MUST have at least > 128 bits of entropy. > > Corrected Text > -------------- > token (required, string): A random value that > uniquely identifies > the challenge. This value MUST have at least > 128 bits of entropy, which in the > base64url alphabet means a minimum string length > of 22 characters if the full > scope of the base64url alphabet is in use in the > token, by: > log2(64^22) = 132 bits of entropy > > > > Notes > ----- > This standards-track document doesn't specify the > string ramifications for entropy; I'd expect it to be > called out to implementers, just the once, and then > referred to later at other tokens. > > If entropy is log2 the number of possible characters > (64 if full base64url set of chars is in use) then > log2 (64^21) = 126 > log2 (64^22) = 132 > > so a minimum of 22 characters are needed to get a > minimum of 128 bits of entropy in the token. > > But, if the random value is specified using a subset > of the base64url, say because the implementer doesn't > like or use CAPITALS or (most likely) the punctuation > symbols, then the token must necessarily be longer to > meet the local implementer entropy requirement (though > just losing only the punctuation marks means you're > still good and meet the requirement with 22 > characters). Not sure that matters so much on the wire. > > I also have editing nits about base64url being defined > clearly in ABNF just for Replay-Nonce:, but then both > 'base64 alphabet' and 'base64url alphabet' are in use > in the document, and base64url references are to > RFC4648 via RFC7515, but those are to Base64url, not > to base64url... it all seems a bit inconsistent > editingwise. So all the references to 'base64 > alphabet' should be to 'base64url alphabet' as defined > in the doc, but it should really be 'Base64url > alphabet' to be consistent with references? > > (I really think that it should have been called > 'Base-64_url alphabet' way back when to enphasise the > punctuation use, but that ship has sailed.) > > To me, 'base64 alphabet' is the a-zA-Z subset of > base64... I think the document could be much clearer > in this regard, and I hope any doc revisions taking > into account all the other errata raised consider this > too. > > My thanks to Lee Maguire for pointing much of this out. > > Instructions: > ------------- > This erratum is currently posted as "Reported". If > necessary, please > use "Reply All" to discuss whether it should be > verified or > rejected. When a decision is reached, the verifying party > can log in to change the status and edit the report, > if necessary. > > -------------------------------------- > RFC8555 (draft-ietf-acme-acme-18) > -------------------------------------- > Title : Automatic Certificate Management > Environment (ACME) > Publication Date : March 2019 > Author(s) : R. Barnes, J. Hoffman-Andrews, > D. McCarney, J. Kasten > Category : PROPOSED STANDARD > Source : Automated Certificate Management > Environment > Area : Security > Stream : IETF > Verifying Party : IESG > > > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme
- [Acme] [Technical Errata Reported] RFC8555 (6950) RFC Errata System
- Re: [Acme] [Technical Errata Reported] RFC8555 (6… Deb Cooley
- Re: [Acme] [Technical Errata Reported] RFC8555 (6… Salz, Rich
- Re: [Acme] [Technical Errata Reported] RFC8555 (6… lloyd.wood
- Re: [Acme] [Technical Errata Reported] RFC8555 (6… Deb Cooley
- Re: [Acme] [Technical Errata Reported] RFC8555 (6… Deb Cooley
- Re: [Acme] [Technical Errata Reported] RFC8555 (6… Thomas Lußnig
- Re: [Acme] [Technical Errata Reported] RFC8555 (6… Jacob Hoffman-Andrews
- Re: [Acme] [Technical Errata Reported] RFC8555 (6… Lloyd W
- Re: [Acme] [Technical Errata Reported] RFC8555 (6… John Scudder