IETF Logo Mail Archive

Re: [Acme] WGLC for ACME DTN Node ID

Brian Sipos <BSipos@rkf-eng.com> Wed, 21 April 2021 12:48 UTC

Return-Path: <BSipos@rkf-eng.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2A233A2674 for <acme@ietfa.amsl.com>; Wed, 21 Apr 2021 05:48:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=rkf-eng.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id d0j2_7Ybvi4q for <acme@ietfa.amsl.com>; Wed, 21 Apr 2021 05:48:54 -0700 (PDT)
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (mail-dm6nam12on2087.outbound.protection.outlook.com [40.107.243.87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B30023A2672 for <acme@ietf.org>; Wed, 21 Apr 2021 05:48:54 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=j1+pCPHYTwKO/dqcbeAuOILNGOWLqYSgqffyLJ9Sbx2TQBHGxAlhk0lFgXqCy030HBnlOODMF/cl2zMbI5kNFIB3+/IY/5OrimUrgAzmY7F/4PBnB2uMAKNpoCAgLN750wrJIlafM4eLzweLkUnGGcutk+SxqHUr0ZcQb1pOQPDGphh90ZDfyTI3sWpEpGICWFYSRn5FVhx76i1PcLRNpVaczytON+2pqKDoShrwlzIWWwCo527qhW12uuFojp54keO2YdwZMV3pK1JcjkVUD3ycjUus++sY6tSJ7esuvgg1zQbM3/8gp9VhxqYVM0ile3oCwrp32SaEA3UEf6PFEw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IiURLypMsK/xGt4dJupK4+P3imO2YE6Bh8nO+Ky4vQ0=; b=GDw35VlogJMl8SgK3HbU1aBsgBdhjQr79+K0DmamHCF6YKtTYKeH6PiOMzEzM8YjFyNa9NVvpQmFkImEKyea1SEQwIRWw0tkUxggEscFAChQBoCK27Z8pgMrJzeh38DMLAUtAVnoJY6orUBiJBjX+ABAhuPJfWi5QuguvSix9kJktHr8dk45vgZX0SFMmKnOXfYL1XB9kJfXGwpCSDNrV5zsH39Ihe8QMbF5XUcat1y32A7LqiZLKBeZshOPoeho/pSLfjHQQWL3rSb4qN4vHEmRHFbKgirrW3cUrlWcyQDcW5vCyDMO+PezR5+Jkz0bUI28mSr9AqkyTQtEoOJlZA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=rkf-eng.com; dmarc=pass action=none header.from=rkf-eng.com; dkim=pass header.d=rkf-eng.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rkf-eng.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=IiURLypMsK/xGt4dJupK4+P3imO2YE6Bh8nO+Ky4vQ0=; b=eHPAY3F3JuqKmlbEOVJ+Cm1qr/2XrFDF8Y3ferfc5e0Qth6LzFxqT0RhjhBn7PspAeJ+ne7swQs0fZdkhwWJiTQQK4GYryR3va0/3cPCLNoiBfO5h3OXGQ4wKL/VZrRVu7Q6Xofjshjw3lLD04Xtgr7uIJIg8Z6d0HpYLTTOSY0=
Received: from MN2PR13MB3567.namprd13.prod.outlook.com (2603:10b6:208:168::10) by MN2PR13MB2799.namprd13.prod.outlook.com (2603:10b6:208:f1::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4087.16; Wed, 21 Apr 2021 12:48:50 +0000
Received: from MN2PR13MB3567.namprd13.prod.outlook.com ([fe80::5db2:2ebc:2020:496f]) by MN2PR13MB3567.namprd13.prod.outlook.com ([fe80::5db2:2ebc:2020:496f%5]) with mapi id 15.20.4065.020; Wed, 21 Apr 2021 12:48:49 +0000
From: Brian Sipos <BSipos@rkf-eng.com>
To: "kaduk@mit.edu" <kaduk@mit.edu>
CC: "acme@ietf.org" <acme@ietf.org>, "ryan-ietf@sleevi.com" <ryan-ietf@sleevi.com>, "alexey.melnikov@isode.com" <alexey.melnikov@isode.com>
Thread-Topic: [Acme] WGLC for ACME DTN Node ID
Thread-Index: AQHXNqyrfSNCozHHr0WDM1PTxsWmzw==
Date: Wed, 21 Apr 2021 12:48:49 +0000
Message-ID: <b6059c8f63192033a06e8968279c97c60f1e77ba.camel@rkf-eng.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Evolution 3.40.0 (3.40.0-1.module_f34+11756+2e59385f)
authentication-results: mit.edu; dkim=none (message not signed) header.d=none;mit.edu; dmarc=none action=none header.from=rkf-eng.com;
x-originating-ip: [96.241.16.84]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: b4483b16-6cd5-4b39-df48-08d904c3cfb3
x-ms-traffictypediagnostic: MN2PR13MB2799:
x-microsoft-antispam-prvs: <MN2PR13MB27993CA04C6146AC02D29C839F479@MN2PR13MB2799.namprd13.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 98uH4n+OirKSP6oO2B55W7XuazK5jIlosuu+ZqLZLbQvQoj/Ma3pOdY4sEtNIpoCSyN6S07VmrStj82O5HMQIN/Irdd4j2PZlqijlBaBC479V3GOAZMy+/KQRb860ZSBMAomQVXn3hVT77JKG64YezQQ+3jotwpwUhZQOuYs4U2WZEpBdqLQTomwK19Lrb7qmDdSC/OgAFQI0YkmeyyP3Z/Qi2UUj1o6x0ouSnXrYrdI++jMjQe48+3el0iIMFXAywg9Yfe0VlK0ri2xYcYFLUy5UvZr3DY6Hq2izg6R1d77o/yNC7ADBtJBw/XdbmgGl4tlCNiL3hRZjAsi34PmjDQnww/YLub4dbPqCPxhHOPOCg6CShj/kAl1eJm8DuvRioCE5LOsNPtvgiO4QlgyNtWAldoir4delaTIu2CjUjDuS2q058Xg/dl0Vb3G6A/PyHRXri+AkkPgGx/7FPPqC7heQz+1JkUjUW0rp5u7WyQXuZadkHsQD4eldFhOFiztiZh3TlpeF/E77QaUYOZxXbkbwiEXICH58HPWG2fAIZO4z6V+8Ha1ZMP97Wds9B0+fKn2guw0CuF1yEcfN+JcHHTgV4NgPygLcnDM7JDq+fk=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR13MB3567.namprd13.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(136003)(346002)(376002)(39830400003)(366004)(6916009)(6486002)(4326008)(66556008)(66446008)(478600001)(76116006)(5660300002)(66616009)(64756008)(66476007)(66946007)(86362001)(38100700002)(122000001)(2906002)(6512007)(99936003)(71200400001)(26005)(186003)(2616005)(83380400001)(36756003)(8676002)(6506007)(8936002)(54906003)(316002); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: 2YrIpdp72LpFEhcAf0As7Gbz0XSKBTNHBHK4ncE03slF+5vM5dQpxraVR/j8+SGcScO9ZR+ejdQtEd/KVWi4U235mBZ1n5HHkzwK/Cl5oxaasNXa+XYCCEbC+9GThH1lUCiAW72yHcDKF1HJmPVr7/F8WCNIkNEOcHGmFAI+bJTUmjx27HvVssb7yPFZudh5n31moBjvvve38nCOCVxvFv0+dzfW6AqFS7/i/VMOxOvyOu+JDanZNkO4Y89ydBvCvwuLhTHdqb4TB05FrXqpT7V29yOdIK3W/DoHrcuC7MU/h+FTf2MdmjTFAZz3cGBQa9oO99sXJGkP18DohPFfTnIssNhmxol2lNgla8md2aMJdoIZq3cPqgDUIdOhMmi3PlSl/WoSMoRuHc4CdMACOdgADPWe8iNzus8L80hV+/7VE1vSloTLkrN2uynKW5h078STIRN+QgOR1DZYspg/7HMeiVWRlxP3RRjspsGIDqBn3w2P4w/9O5AWZM6M9leK8kmNJFU71iZwArYDn3Qr0oCFc7zSI9xW86G8STuJIr6GQ3JidXMBwJ48McaLUOBL29ys/6EgFvGw+/Y4j6qKyDP46HIQ6PLvsReOXfvRmY9EXOSVUswTySuurTyH1CV5a81sRkbN7oL8SLC70fGbORgvIeufyFybrkvPuWFK+oQVeZRqC3JbvAO5ex9vXt0kH79Q4/45ImtDyCem0V7jvjOMZ3k3UeX/FYzjUwBfBxUKpQ+WMpIlSJTpdRyuoygEWDaw/o4/ArC39G4Wm78A2FfWvNfPetFk++T3eamaZ51onoX6zsORRS4TTSQTIChCR8Jnlk2FJmPZgWR4zoSJY4N+8vBO7dfYEGhLN7+M76yASR7Wue6V2eTZLV48TWzoADofFdr2j9wDY+IC+++hVM1H7aQ+bCgtjcwsxmM75jwbwTcouuZOL5fTHi/NWb0aWsVmoNhXRbXWMFZ4Ku5d61tnp60dtvtIWmvZdYvG/WgflAnUJUc/aZU5fv9SUTnqQsI59c6Eq5D7gwce8VeRAseWUWrxNt7bN4xQ0MUfn7P/lRHsDqWgNtqbCrzqjr98LIaW9jF14F5vRzhaFRkyZ0b+l7lr+oKL06FLLxtHT38f6gTvjSYBq/bkT07jn6acWvj7rtpaHiqdBd3qcTrLBcuU1aqmvn0wqiZro3n+/nc93YB0D9GUKhZgDT9iS5uRVEAPE+kvbuv/8HMwS9cAgaU9aJU9WOefYDHx9rf3fbxE8Tjt3nhE/BuDyJPWR26Rv3deJT0RpaRWFkvKJy7EbpYn+xmKHUPim0CYjSwnEW9ChxYi2+mopki1TL9CF+AD
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; micalg="sha-256"; protocol="application/pkcs7-signature"; boundary="=-eQ7zK6yNyhOdVEinXkva"
MIME-Version: 1.0
X-OriginatorOrg: rkf-eng.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR13MB3567.namprd13.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b4483b16-6cd5-4b39-df48-08d904c3cfb3
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Apr 2021 12:48:49.7882 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 4ed8b15b-911f-42bc-8524-d89148858535
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 9AIMF3PYmuFJBpb5lJlOuGzpvkxknqkeT37Il9oOfTg41mCc+zinmW9ezeVjccds4eMLOsJDaoYfswGyuStI+Q==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR13MB2799
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/ZJdjXDizj78ux8D9TUoRPHPO6Pk>
Subject: Re: [Acme] WGLC for ACME DTN Node ID
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Apr 2021 12:49:00 -0000

Ben,
Thank you for the feedback. Given that this document is earlier in the stream,
we still have opportunities to improve its encoded structure or properties.

> My recollection from the email+S/MIME document (which is to be published as
> an RFC imminently) is that the token-part2 was playing the role of a way to
> bind the authorization to the specific ACME order.  I also wanted to have a
> unique identifier that binds the challenge email to the ACME order, and
> that aspect changed a fair amount during the review process, but IIRC we
> ended up with a bit of a fudge where the ACME exchange includes the "From:"
> header field for the challenge email, and that could be unique to the order
> but isn't required to be.

Unfortunately in the case of bundles the source must be a fixed Node ID so we
don't have the option of a similar challenge-specific address. Is there any
value in having the ACME server use a unique-but-constant-per-order, and shown-
to-the-client, <token-part1> value?
Currently the distinguishing characteristic of <token-part1> is that it _only_
comes via bundle so knowing it means that you've seen the challenge bundle
(which an on-path attacker can do equally as well) but this avoids the
possibility of a response bundle being able to be produced before the challenge
bundle is even received.

Any value in a three-part nonce token (as recommended earlier, the names can be
changed to reflect the use) as defined here?
* Part 1 arrives only via challenge bundle, unique to that bundle (not just the
order).
* Part 2 arrives only via ACME HTTPS, unique to the order.
* Part 3 is indicated in both the ACME HTTPS and the challenge bundle and
provides a unique filter in the tuple of (Source Node ID, token-part3). This
would be similar to the randomized email address.

> That said, I have a (very vague, for which I apologize) recollection that
> earlier in the evolution of the TCPCLv4 document there was an option where
> certain TLS certificates would have an indication that the CA asserts that
> the holder of the private key is trusted to provide its Node ID in the
> TCPCL SESS_INIT even if the Node ID itself is not included in the
> certificate.  If that indication from the CA was the id-kp-bundleSecurity
> EKU, then requiring ACME to always include that EKU in the issued
> certificate would have surprising semantics.  That said, it looks like in
> at least the latest version of the TCPCLv4 draft, id-kp-bundleSecurity does
> not play that role, so there is no issue.  I'm only mentioning it now
> because the potential scope of consequences is so large, and I am sure that
> you will do the right thing (assuming I have been able to describe the
> situation I'm worried about clearly enough).

You are correct in your conclusion. The last recommended security policy (sent
to the RFC editor) is to require a proper Node ID SAN and ignore any other SANs
present. There is no recommended policy about implying the ownership/validity of
a Node ID.

v2.23.0 | Report a Bug | By Email