Re: [Acme] draft-misell-acme-onion
Seo Suchan <tjtncks@gmail.com> Sun, 16 April 2023 21:08 UTC
Return-Path: <tjtncks@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F3989C14F747 for <acme@ietfa.amsl.com>; Sun, 16 Apr 2023 14:08:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.595
X-Spam-Level:
X-Spam-Status: No, score=-0.595 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FROM_LOCAL_NOVOWEL=0.5, HK_RANDOM_ENVFROM=0.001, HK_RANDOM_FROM=0.999, HTML_MESSAGE=0.001, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ApFzPUGZgHOY for <acme@ietfa.amsl.com>; Sun, 16 Apr 2023 14:08:37 -0700 (PDT)
Received: from mail-pl1-x62a.google.com (mail-pl1-x62a.google.com [IPv6:2607:f8b0:4864:20::62a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A4926C14F736 for <acme@ietf.org>; Sun, 16 Apr 2023 14:08:37 -0700 (PDT)
Received: by mail-pl1-x62a.google.com with SMTP id d9443c01a7336-1a6817adde4so7340195ad.0 for <acme@ietf.org>; Sun, 16 Apr 2023 14:08:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1681679317; x=1684271317; h=in-reply-to:subject:from:references:cc:to:content-language :user-agent:mime-version:date:message-id:from:to:cc:subject:date :message-id:reply-to; bh=qN7dMWjJ085q1zuztbLMz4e8QVk446QH7cMopPjlnA4=; b=djLHO7uqg5uj4TMSKV4gP0s5Dxlk0YHGplB6hs9EbOy3qWK4nvRKyJ8lW2deuv5UjW 0rXvtrpN3eH4y8sOAOSbEq/1hX0MIa9u0X7Wcu0/zL2tnxwRjSaaxERBVKKbhIwE/RbG N4pSMf6ywCVTlQKi9LKzmZtBZc9DTW0kefGnWr27vpCV954V+UIxSV3RE4Yn9+LfIssn 8d0lXe0hI1yf+V1YKJxvxNTXXtEqjKk0EwPDEnI9qzKAGWhjoqfZ5Bu/CRjdzjcB3moH z5GQyxx9+EmhOUNvLrUzYdwZhS1O29EvaL36GySUsAEXibalIuhr8S9K2RX+wYYAAz2L hz+A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1681679317; x=1684271317; h=in-reply-to:subject:from:references:cc:to:content-language :user-agent:mime-version:date:message-id:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=qN7dMWjJ085q1zuztbLMz4e8QVk446QH7cMopPjlnA4=; b=gSKPLD5PoRJxgzFMdEye0PTBg8JOMIn+GiQqRzTnV3wALedwmtobc2Do9afqJ4CLci inyhjRzKzl8K3IWvyQUT7aBi71Vn5gfUJSAYS31cLS0648egBypXSDFcKaIfLoTHJjty vGY2ia+yMaux3wiM03gUo6U6z8CXgVU3ITB97tMNJxQFppAFsxBXsV6fAiqTrNy5vnub W31aFUNC/0RuR5clAJJeio7TUf7uz6/72+TNqjrGhqUaCsOXea6DEqfWu6YjPW7GHIsw UW+3L9lQklkM7KWa8dPVL/Pa3TRj8gYD6yNI1yhjoP1/l5+T7RJP2641W2iakDuJV3Yl p7uA==
X-Gm-Message-State: AAQBX9d61DbIj8KuziH74wDtZwQuON5tsXWAi//vfzZ2medYFLp1JTFq hWQ3BMLUxTO4oBg0hzjwi5+PXBtmuYc51g==
X-Google-Smtp-Source: AKy350YlWI/Jl2JI2IMFanpVUIZkjvyeGPjqFEDr66X5hWSaFlmMhPn3EUR1V4qq43Ls+DyggemNpg==
X-Received: by 2002:a05:6a00:2d89:b0:63b:7119:64a9 with SMTP id fb9-20020a056a002d8900b0063b711964a9mr10755780pfb.16.1681679316678; Sun, 16 Apr 2023 14:08:36 -0700 (PDT)
Received: from [192.168.1.30] ([59.5.237.171]) by smtp.gmail.com with ESMTPSA id d20-20020aa78e54000000b0062d7c0ccb3asm6334425pfr.103.2023.04.16.14.08.35 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Sun, 16 Apr 2023 14:08:36 -0700 (PDT)
Content-Type: multipart/alternative; boundary="------------RJl4GfWdy49gOx0p8zSOoFvx"
Message-ID: <0b2bf652-2e47-b3a0-dade-52ec0257de96@gmail.com>
Date: Mon, 17 Apr 2023 06:08:33 +0900
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Thunderbird/102.10.0
Content-Language: en-US
To: Q Misell <q@as207960.net>
Cc: acme@ietf.org
References: <CAMEWqGuuRsYF-EoFs44DSZ0X0z5iOuKa8iMC38Yuh24F0fWYXQ@mail.gmail.com> <214b80c1-b234-07ae-e33c-bda3d6c1f542@gmail.com> <CAMEWqGuTDGyEQ+ZsiMqo5q9XiYHLr4Uxrp0gUOi3vRFFPV6dKg@mail.gmail.com>
From: Seo Suchan <tjtncks@gmail.com>
In-Reply-To: <CAMEWqGuTDGyEQ+ZsiMqo5q9XiYHLr4Uxrp0gUOi3vRFFPV6dKg@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/ZXrQMyx45OBMj-m7csu2gSMoLoo>
Subject: Re: [Acme] draft-misell-acme-onion
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Apr 2023 21:08:42 -0000
I think this section implies CSR has to be signed by what subjectPublickeyinfo be used for verify it:
rfc2986 section 3 note 2.
Note 2 - The signature on the certification request prevents an
entity from requesting a certificate with another party's public key.
Such an attack would give the entity the minor ability to pretend to
be the originator of any message signed by the other party. This
attack is significant only if the entity does not know the message
being signed and the signed part of the message does not identify the
signer. The entity would still not be able to decrypt messages
intended for the other party, of course.
subject public key and subject entity's private key not being matching pair feels stretching the rule as written.
and even if csr is allowed I don't think merging finalization and challenge verify is a good idea here:
1. Pre-authorization (rfc8555 7.4.1) makes challenge may not have parent order.
2. a order capable of finalize in pending state makes ready state check useless, in boulder that's only place actually checks for order's validity before calling CA to sign the certificate
3. most acme CA moved to async order finalization, so it will move to processing if it wants or not.
2023-04-17 오전 12:58에 Q Misell 이(가) 쓴 글:
> Hi,
>
> Thanks for the comments. I'll fix the typos.
>
> With regard to running a Tor client or not I don't think it is too
> much of a ask from CAs to run a Tor client (it needn't even be that
> feature complete to simply fetch a HS descriptor), for the added
> benefit of CAA enforcement.
>
> Regarding your comment about CSRs I think you've misunderstood how the
> CSR is used. RFC2986 section 3 states that the
> CertificationRequestInfo contains the public key to be included in the
> final certificate (subjectPKInfo), whilst the entire
> CertificationRequest can be signed with a different key entirely, and
> this is what the CA/BF rules permit, and indeed what they were
> designed to achieve and how HARICA implements this.
>
> Thanks,
> Q
>
> On Sun, 16 Apr 2023 at 03:44, Seo Suchan <tjtncks@gmail.com> wrote:
>
> 5.2 has few typos CAA when it should mean CA: (CAA can't read any
> descriptor, it's a text)
>
> For running CAA in general, I think appendix B of CA/B BR method b
> made in a way that CA doesn't have to run Tor client at all. And
> it actually allows signing a cert for not yet hosted onion domain,
> given they control right private key to induce that domain name.
> In that case making CA required to run Tor client to read CAA
> conflicts this goal.
>
> And challenge 3.2, it doesn't work for public CA: in acme
> context, CSR's pubkey sent in finalization is what CA will sign,
> but for challange perspective key there need to be ed25519 key
> (because it's onion v3 private key,) but CA/B does not allow
> signing ed25519 key in TLS certificate, you can't reuse CSR for
> both purpose.
>
>
> 2023-04-16 오전 1:22에 Q Misell 이(가) 쓴 글:
>
>> Hi all,
>>
>>
>> Hope you've all recovered from IETF116, it was lovely seeing you
>> all there. Thanks to those who already gave me feedback on my draft.
>>
>> As promised in my brief presentation at the WG meeting, here's my
>> post introducing my draft draft
>> <https://datatracker.ietf.org/doc/draft-misell-acme-onion/>-misell-acme-onion
>> <https://datatracker.ietf.org/doc/draft-misell-acme-onion/> to
>> ease issuance of certificates to Tor hidden services.
>>
>> DigiCert and HARICA already issue X.509 certificates to Tor
>> hidden services but there is no automation whatsoever on this.
>> From my discussions with the Tor community this is something that
>> bothers them so I've taken to writing this draft to hopefully
>> address that.
>>
>> The draft defines three ways of validation:
>> - http-01 over Tor
>> - tls-alpn-01 over Tor
>> - A new method onion-csr-01, where the CSR is signed by the key
>> of the onion service
>>
>> An explicit non goal is to define validation methods not already
>> approved by the CA/BF, however if someone can make a compelling
>> argument for an entirely novel method I wouldn't be entirely
>> opposed to it.
>>
>> Looking forward to your feedback, and some indication that this
>> would be worth adopting as a WG draft.
>>
>> Thanks,
>> Q Misell
>>
>> _______________________________________________
>> Acme mailing list
>> Acme@ietf.org
>> https://www.ietf.org/mailman/listinfo/acme
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>
- [Acme] draft-misell-acme-onion Q Misell
- Re: [Acme] draft-misell-acme-onion Seo Suchan
- Re: [Acme] draft-misell-acme-onion Q Misell
- Re: [Acme] draft-misell-acme-onion Seo Suchan
- Re: [Acme] draft-misell-acme-onion Q Misell
- Re: [Acme] draft-misell-acme-onion Corey Bonnell
- Re: [Acme] draft-misell-acme-onion Seo Suchan
- Re: [Acme] draft-misell-acme-onion Q Misell