IETF Logo Mail Archive

Re: [Acme] [Technical Errata Reported] RFC8555 (6950)

lloyd.wood@yahoo.co.uk Fri, 05 January 2024 12:43 UTC

Return-Path: <lloyd.wood@yahoo.co.uk>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 25CACC151548 for <acme@ietfa.amsl.com>; Fri, 5 Jan 2024 04:43:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.105
X-Spam-Level:
X-Spam-Status: No, score=-1.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.co.uk
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IJNJwm9Mi1Vi for <acme@ietfa.amsl.com>; Fri, 5 Jan 2024 04:43:42 -0800 (PST)
Received: from sonic303-47.consmr.mail.ir2.yahoo.com (sonic303-47.consmr.mail.ir2.yahoo.com [77.238.178.228]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D279DC151532 for <acme@ietf.org>; Fri, 5 Jan 2024 04:43:41 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.co.uk; s=s2048; t=1704458620; bh=rnGK/NhiDJtwEUrse8ABj452AG6n+mbCy1xcxr86fIU=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From:Subject:Reply-To; b=S2EjQxsYwXaLfxygIQLsGNL8xUh2Z5wgLt8WsQDjIBf6+VlrMSEEhhHdLqxIqiOtuKADKO5hfCYUfWanMfRS4/I+1G7NprhQHfNu5ah9Tlm6oZ2QrZ6BcJmTWfUvN0NDNYQbrEqeqFDp9QM+H4wsM8oJdI4PERB4c3cvyFrC7Z/Snn5oU2RT+mN9+J+K0LFNDzhk73X/+rQvvQsFrM2rExbKVEVFXAgZukK/LL2NUxOPVRSck8/lt6NjR0VwVHGEzGmOs81jYqUICD52MOqulzV4knJNmZaAz97Ly2CJ197w2JWDoildIycBc6Eup/fw1OYkQ8IBpn01C1n0pxh+9A==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1704458620; bh=mKGuBTIJ4YKihn5NhftnxWPxUrEHipuvnn3iNol++Fn=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=XXJ739oRLUw8Gf3Lj5UEjgJbMzNX0OIoyvX0FRUXkAdejXT1iDTsLXh4/4jF2ICFDzMrbm0moV7UngPk9gg4deYYoiEr3iDU20ML0rALu2OXR1eJuh0+3qes41XKuQcUsSizA/XU71cj6bdEDXk5GUIgHTWTbVOG37tbGUIRbdA5Do+4/v5pBjGeZqeqhspUclfWWvnEQa39ERujjUraVWWTR103yoBNpt1CBfN6FtNvQPi3Xlca1I/dERfAA+IRsn5AENfSGejWmgTaqZp0Gu+6bGiEUq05dmuCC4oc+uv5DVh1xKAhaoXLduo6DWIUbfsvrYf7CzDv0CyMBBKEEA==
X-YMail-OSG: UZHA44AVM1klnTmuTrImdnYXUC8g6bZVm_sLwMifEHVt_1TAZwMEpv7uN7qKj50 oYpSE7QASWoGHh5oQikIb9NMOjSABfFIlyfNJ8JntcA_VN_LanxAPgznoZaos97qpLSYEKckxoHo q6JuIeD5TRdeOuwWYXHWSIKLVPxlb4ZlzhZVy0zsuMaWcLJ1Dc2_5ucobJeNaU_41etu8k8g_kHH u02YW4OCIBh42V8sOj5ipDurVGaTLYiX3Sgjs7YaDw2NQs_LJJf1inaJ0FsV7PW8xXVqWOsMln5q vb_IyabAEzi5.O.uScqjeJxwyq5rZ3DJbLlCy0xfGEnMQR4rcx.32rnIvCz1hhw1nL_0ah0hBZoa vjZ_p7xQI0PIcrUyoToawVjjV.BJclM2T4d.OUWvPpDOzRPuYfix23NZAGmBEglpP36xwwU7jO0h LGSvd_1PKWX.sepMznvfvG4y4azTUUYO6jotEgtkQIuVWHCJ27V1g.3jDxPSwnBfvUhLbSfnCJtJ hOU0WaEs9Sk5YDtXP4tMICRn3ICnJ8hDtZ77_EXoZf.Qzv2L7mD8E8rXOA_qY961hVsA1ZBlI0MI KOWDkcmcGc1lnzn5eT61H7wpXyiaMnRv9_DLDcRWzK6pFWyob3abdF7aLMQDTXXQKtj2iltgxUY4 00XAcwR39LX4HIqJD5ATpptYaB82q2TS7_3BDhHpDNkA6ZZ8XTYh4HrVm0syZ_RIcRzSsG5aumhv 95zfkwP0e08o6TRUrJCsaGXuzwIRpMzNYA7ae8PUr1idoN7jCiW.uDhKGGSxRu47EfuYkD.gIQoR H1A4RZK__Xuye7WZm.z8ag7DXjHAX9vdFnlrKNia.PWpB0hTIQgA8j0oSsDuno5MC20AzWj0qNfN 8z8WGco65tq62FsfZvjCV3QaSX0FZEABkvrhEyxSrDffC.xniuWiGeSMTUxxQ8SC_dDNLxovZQ3. ZAt3e4xrQxY83ZokZ5.TH_xZGJr3la3mUS08LEsDivioQnLM8aojIrojb1KRXOTeGaCgoCrqF72Y tXAPE9EZPauwiy2e4i5XgcZUCIJ0tdAv9GwyI5mPX5wiBVr0VnkoCNH3YFWddzc6y4blhdj5Lh09 z_BXHshfe4dAbBlIU0MTlxQ_nDMIgP.4F_j_7tpxtkz4Hg4HtLQSk0qIJ_hSVCOqojco_ydznZKV bM8G_h2vYsonZEkT71aivBLWs10jSKk8s0.7NOukWLoX_6beRgU8.JxOJNJciJq_Ds2MQ1zk082J dsbxqAqdVp3.toYU.CJSBR9Q2me7w6SE0voKEwFRNNQObWzSQm2exJ3yJ3edg8dcpt_BBeQ6GJvT ZOcj2RNkSv8oQmUhPtNU7_vK.dGONaSHQKp9kFq2ZiP.wYLV6DA7XDKyxew1IGKs.5borJsFCtH. XQL.XUA7GTeValDVtlmGzCxoqLnwP0TsHzbyVtD0myUylJ27DTxEVfYzmjVmX0_.oXkBC6AflrSv js.vNfVvb20qZ_da0rO1F06Hz2Fal81r6fhlqaa9nmg1ueVVjJRW8AIYeGjdurdaxxnDEEEw4BqC HqLs_jPGIGLCZNY3anOJyiy7SU319Obm301A3HEvoHphmi5LMDBfwmIM9wJ0.ITVY51z_jikR4Q6 X9Z184gPECPTmsaA.anxB6MQHTZC3AITD7Dm3aGJ5qp0a60kkuVCwueXg4.Rnm1eDZ6JXjAYSCSv s4mvIpeytQ2kvRALmEoNeZ6oVmajoh6wiV96gjq2wBDJYv0gRMOBtC1s3Aj8BduqCUIZMzTuskku WjPr1AUD8FpgwIDglrt61GTe0J6a7rfO836hJ5odDSoPZGXsPD9Bzs.vuCJkgyIHYpP940DIv8np mts1vevnhvqSN1Y5FS_bGrnjPZDOM7V9AAZAXGPSQXIyLqwcD.baIdl61p8Q9wCHSkbDDJzw3fkk OaKDZQL4YdEqLJZVIeV9i_qQKZffTImW9roGzg.NscDAZbufvgdmDF4JEnJr110oJYM.XTvp9lDn xBqNGzFHGc_u7pYPSKIFgi31VCGrusYnt4H9K8tZg.ldq07Ks2wfrGiA2OjFI4LBChQmEtFcY_kc Xs6uGFXFTJsAiTyj7l2T0vyyBt6YRIaXrq6Dk.b4IIZDAlPyoo.W2YSD.rrCZy7AILFhfj.Socy5 7w.F1sf7IwQtDRhLNuMm5pwtIoLg8Pw_BonbdewEpajsrGM7OZcZK7WD4WDJA4fqkXwx4.AcZEJr D8q7Qwwmo87x9ZU8Xmc99IptfW4dI8vA.19LyvG7cEOEjCDqYQ5nWzSv5po5sr6O2A3P25TYjvV0 l
X-Sonic-MF: <lloyd.wood@yahoo.co.uk>
X-Sonic-ID: 7feac98c-04fc-436c-967b-01ce089d43d1
Received: from sonic.gate.mail.ne1.yahoo.com by sonic303.consmr.mail.ir2.yahoo.com with HTTP; Fri, 5 Jan 2024 12:43:40 +0000
Date: Fri, 05 Jan 2024 12:41:37 +0000
From: lloyd.wood@yahoo.co.uk
To: Deb Cooley <debcooley1@gmail.com>, rlb@ipv.sx, jsha@eff.org, jdkasten@umich.edu
Cc: rdd@cert.org, ynir.ietf@gmail.com, lloyd.wood@yahoo.co.uk, acme@ietf.org, RFC Errata System <rfc-editor@rfc-editor.org>
Message-ID: <145154801.12995201.1704458497262@mail.yahoo.com>
In-Reply-To: <CAGgd1OetWp7k-dbRTNr4XT3K+seZGsWgO2rsMghYhXTefy+SJA@mail.gmail.com>
References: <20220502083134.BDA48E5311@rfcpa.amsl.com> <CAGgd1OeY01bGe+mgNo-UjjcFyYKGVLaBPgDFOJG1dusE+R9m-Q@mail.gmail.com> <CAGgd1OetWp7k-dbRTNr4XT3K+seZGsWgO2rsMghYhXTefy+SJA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_Part_12995200_1242260440.1704458497260"
X-Mailer: WebService/1.1.21952 YahooMailIosMobile
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/ZC4_lZ8r7UutQvJavMEIkPppY1A>
Subject: Re: [Acme] [Technical Errata Reported] RFC8555 (6950)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Jan 2024 12:43:46 -0000

Thanks for that.
Well, I stand by my detailed comments of (checks dates) two years ago. Which I had forgotten I ever even made!
I know, covid and all, but lately in the past few years I’ve been sensing a vibe of why-even-bother-submitting errata anyway. (and sitting in a Tokyo airport transit lounge, heavily jetlagged, is really not the place for me to do any detailed analysis.)
Perhaps reframing it as some security concern, since entropy, might prompt wider review? security types are quite keen on this stuff, and do tend to like rigour in specifications to close off implementation misunderstandings loopholes.
best

Lloyd Woodlloyd.wood@yahoo.co.uk

On Friday, January 5, 2024, 21:14, Deb Cooley <debcooley1@gmail.com> wrote:

I did some reading, some consulting, and some pondering.  I want to reject this errata.
1.  The original paragraph:  
token (required, string):  A random value that uniquely identifies
      the challenge.  This value MUST have at least 128 bits of entropy.
      It MUST NOT contain any characters outside the base64url alphabet
      and MUST NOT include base64 padding characters ("=").  See
      [RFC4086] for additional information on randomness requirements.
In my opinion this is sufficient.  It specifies how much entropy (w/ a ref), and specifies what cannot be included (padding, non-base54 characters).
Let me know if you have other thoughts.
Deb

On Thu, Jan 4, 2024 at 7:41 AM Deb Cooley <debcooley1@gmail.com> wrote:

opinions?  Does entropy have to be measured as a base64 encoded value?  

Deb 

On Mon, May 2, 2022 at 4:31 AM RFC Errata System <rfc-editor@rfc-editor.org> wrote:

The following errata report has been submitted for RFC8555,
"Automatic Certificate Management Environment (ACME)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6950

--------------------------------------
Type: Technical
Reported by: Lloyd Wood <lloyd.wood@yahoo.co.uk>

Section: GLOBAL

Original Text
-------------
token (required, string):  A random value that uniquely identifies
      the challenge.  This value MUST have at least 128 bits of entropy.

Corrected Text
--------------
token (required, string):  A random value that uniquely identifies
      the challenge.  This value MUST have at least 128 bits of entropy, which in the 
      base64url alphabet means a minimum string length of 22 characters if the full
      scope of the base64url alphabet is in use in the token, by:
                        log2(64^22) = 132 bits of entropy



Notes
-----
This standards-track document doesn't specify the string ramifications for entropy; I'd expect it to be called out to implementers, just the once, and then referred to later at other tokens.

If entropy is log2 the number of possible characters (64 if full base64url set of chars is in use) then 
log2 (64^21) = 126
log2 (64^22) = 132

so a minimum of 22 characters are needed to get a minimum of 128 bits of entropy in the token.

But, if the random value is specified using a subset of the base64url, say because the implementer doesn't like or use CAPITALS or (most likely) the punctuation symbols, then the token must necessarily be longer to meet the local implementer entropy requirement (though just losing only the punctuation marks means you're still good and meet the requirement with 22 characters). Not sure that matters so much on the wire.

I also have editing nits about base64url being defined clearly in ABNF just for Replay-Nonce:, but then both 'base64 alphabet' and 'base64url alphabet' are in use in the document, and base64url references are to RFC4648 via RFC7515, but those are to Base64url, not to base64url... it all seems a bit inconsistent editingwise. So all the references to 'base64 alphabet' should be to 'base64url alphabet' as defined in the doc, but it should really be 'Base64url alphabet' to be consistent with references?

(I really think that it should have been called 'Base-64_url alphabet' way back when to enphasise the punctuation use, but that ship has sailed.)

To me, 'base64 alphabet' is the a-zA-Z subset of base64... I think the document could be much clearer in this regard, and I hope any doc revisions taking into account all the other errata raised consider this too.

My thanks to Lee Maguire for pointing much of this out.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party  
can log in to change the status and edit the report, if necessary. 

--------------------------------------
RFC8555 (draft-ietf-acme-acme-18)
--------------------------------------
Title               : Automatic Certificate Management Environment (ACME)
Publication Date    : March 2019
Author(s)           : R. Barnes, J. Hoffman-Andrews, D. McCarney, J. Kasten
Category            : PROPOSED STANDARD
Source              : Automated Certificate Management Environment
Area                : Security
Stream              : IETF
Verifying Party     : IESG

v2.23.0 | Report a Bug | By Email