Re: [Acme] Warren Kumari's Discuss on draft-ietf-acme-ip-07: (with DISCUSS and COMMENT)
Roland Shoemaker <roland@letsencrypt.org> Tue, 01 October 2019 17:10 UTC
Return-Path: <roland@letsencrypt.org>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 388AF120A46 for <acme@ietfa.amsl.com>; Tue, 1 Oct 2019 10:10:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.758
X-Spam-Level:
X-Spam-Status: No, score=-0.758 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, NORMAL_HTTP_TO_IP=0.001, NUMERIC_HTTP_ADDR=1.242, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=letsencrypt.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NhxVuEZm3RAO for <acme@ietfa.amsl.com>; Tue, 1 Oct 2019 10:10:15 -0700 (PDT)
Received: from mail-oi1-x22b.google.com (mail-oi1-x22b.google.com [IPv6:2607:f8b0:4864:20::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1280A120A41 for <acme@ietf.org>; Tue, 1 Oct 2019 10:10:15 -0700 (PDT)
Received: by mail-oi1-x22b.google.com with SMTP id x3so15130340oig.2 for <acme@ietf.org>; Tue, 01 Oct 2019 10:10:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=letsencrypt.org; s=google; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=4QHZz2FPFfDLYDQVCeeh1XgMQcGAHFb+0sKPF4KbHQQ=; b=g1Sk9EbHng39Auf0EXCsUHlF38C0CSeXvzZvlmMzploCxBDB8YWSChSBKWks3Kzaov ZVNEW4YnEnMDxLi8Ge57a+eceo2vahv23kEZdWXUYfJPMnb8LbJeeVnS1JN32T9itR2r zxQSIkfE+kie33Jh1/5StMcF1V6K3gBsdBhBo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=4QHZz2FPFfDLYDQVCeeh1XgMQcGAHFb+0sKPF4KbHQQ=; b=PXNCQgY4MUa5Nc4Wb3oedJqWlYZncoGB5O1XUCPwwTDB+PV2msem37uDgXcGdQF7CY Zxq/C673uhhIw0BjgZsksu0MvMczFVOPgb0NMDJ8YVaL1qZviexofpasbcWcTWcc5b8W csBuoShCSf47Y11fOgA5Vbd0jnRhiek03hDPXgwiAoi+bLwP4saxdMa+cJ9v2KWYAaaX 05U1fTBxBa+Ghk7TDpjYqO+IYkvelQ0XvjCCM5wTZzII4pDZ3DWPFDWwHLGbvAUbS3Hj 6cP/Y1Bq9WtCno8ezz9GhRTcDkynHhXwgaTWL0D1Fu8X79C0RXfXGIJqbKVgrO0b+Eel n+WQ==
X-Gm-Message-State: APjAAAUIHhUTz7FPmxH95hXZig7F7jr7vzW2bYdt4ICQLwEzHcCZZoWr oVD8GvWimbSBP/6AnpzYD91jlg==
X-Google-Smtp-Source: APXvYqz3Hq5QKkimckfRcBI+VF9IfAV4UIZF1TZpURS/romjTbFZDjmO0moFqeWNRsT8DbuHAYAOqg==
X-Received: by 2002:a05:6808:4a:: with SMTP id v10mr4634709oic.96.1569949813475; Tue, 01 Oct 2019 10:10:13 -0700 (PDT)
Received: from ?IPv6:2600:1700:bd50:a5b0:acbd:9dc3:a492:1744? ([2600:1700:bd50:a5b0:acbd:9dc3:a492:1744]) by smtp.gmail.com with ESMTPSA id x140sm5493836oix.42.2019.10.01.10.10.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 01 Oct 2019 10:10:12 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Roland Shoemaker <roland@letsencrypt.org>
In-Reply-To: <156994353133.23716.18054738012405816713.idtracker@ietfa.amsl.com>
Date: Tue, 01 Oct 2019 10:10:10 -0700
Cc: The IESG <iesg@ietf.org>, draft-ietf-acme-ip@ietf.org, Daniel McCarney <cpu@letsencrypt.org>, acme-chairs@ietf.org, acme@ietf.org, joelja@bogus.com, tim.chown@jisc.ac.uk
Content-Transfer-Encoding: quoted-printable
Message-Id: <797CB1A6-2C78-4BF7-A12E-B3B2DE910E9F@letsencrypt.org>
References: <156994353133.23716.18054738012405816713.idtracker@ietfa.amsl.com>
To: Warren Kumari <warren@kumari.net>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/WhL72GJUBQC-EzJSjx8qD3wuDvg>
Subject: Re: [Acme] Warren Kumari's Discuss on draft-ietf-acme-ip-07: (with DISCUSS and COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 17:10:18 -0000
Hey Warren, Thanks for the review of this document. Overall I don’t find the suggested scenario particularly compelling in terms of indicating any security problems with the suggested document. The threat model defined in 8555 indicates that ACME is not able to mitigate scenarios where an attacker is able to demonstrate control of the validation target (whether this is via ARP poisoning on a local network in the suggest scenario or via DNS hijacking on the wider internet). Beyond that I don’t think this suggested scenario is that realistic. A public CA is unable to issue for internal private IP addresses, if the POS was using a certificate from an internal CA the attack might be viable, but only if that internal CA implemented ACME and allowed arbitrary user registrations which would be policy choices outside of the scope of this document. The second scenario you suggest is also something covered by 8555, if the attacker is able to fully control the network, then they can control ACME. This is not just the case for IP validation, if an attacker is able to hijack BGP routes then they are able to complete validation for both IP and DNS identifiers (there is currently a handful of both academic and industry work happening to try and mitigate these issues) and is also not just the case for ACME, any CA that does network based control validation, automated or not, is susceptible to these kinds of attacks. Hope that helps clarify my thinking on the topic. Roland > On Oct 1, 2019, at 8:25 AM, Warren Kumari via Datatracker <noreply@ietf.org> wrote: > > Warren Kumari has entered the following ballot position for > draft-ietf-acme-ip-07: Discuss > > When responding, please keep the subject line intact and reply to all > email addresses included in the To and CC lines. (Feel free to cut this > introductory paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-acme-ip/ > > > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > This is either a huge issue, or a complete non-event -- I'm not sure which - > please help me understand / convince me I'm missing something. > > Contrived, but simple example scenario: My local coffeeshop runs their Point of > Sale (POS) system on 192.0.2.10. They have a certificate for this (e.g from > LE), and all of their credit card machines contact the POS system using > https://192.0.2.10. I now visit the coffee shop, and using e.g ARP spoofing > grab 192.0.2.10. I then use ACME to request and get a cert for 192.0.2.10. I > now fire up a webserver, the credit card machines happily connect to me, I > present a valid cert, and they send me those sweet, sweet credit card numbers. > > I get that this isn't really an issue with ACME itself, but rather A: the > existence of IP based certificates, and B: the fact that the ability to > "control" an IP is more easily under an attackers control than the ability to > "control" a useful domain name. As another exmaple, I could construct scenarios > where I use BGP route hijacking to control an address remotely, without having > to visit the victim network. > > The Security Considerations section *does* say: > "The CA may wish to perform additional checks not > specified in this document. For example if the CA believes an IP > identifier belongs to a ISP or cloud service provider with short > delegation periods they may wish to impose additional restrictions on > certificates requested for that identifier." > > Again, I understand that ACME is "just" the protocol / means to automate this, > but it seems that this is a sufficiently dangerous thing to be doing that > having it more automated is a bad idea. Please don't misunderstand, I really > like ACME - it's made my life much better, but its power / convenience might be > dangerous here. > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thank you - this document is clear, understandable and readable. > Also, thank you to Joel and Tim for their OpsDir reviews. > >
- [Acme] Warren Kumari's Discuss on draft-ietf-acme… Warren Kumari via Datatracker
- Re: [Acme] Warren Kumari's Discuss on draft-ietf-… Roland Shoemaker
- Re: [Acme] Warren Kumari's Discuss on draft-ietf-… Warren Kumari
- Re: [Acme] Warren Kumari's Discuss on draft-ietf-… Ryan Sleevi
- Re: [Acme] Warren Kumari's Discuss on draft-ietf-… Jacob Hoffman-Andrews
- Re: [Acme] Warren Kumari's Discuss on draft-ietf-… Warren Kumari
- Re: [Acme] Warren Kumari's Discuss on draft-ietf-… Warren Kumari
- Re: [Acme] Warren Kumari's Discuss on draft-ietf-… Warren Kumari
- Re: [Acme] Warren Kumari's Discuss on draft-ietf-… Alan Doherty