Re: [Acme] High level comments on draft-barnes-acme (the GitHub version)

Jonathan Rudenberg <jonathan@titanous.com> Wed, 25 March 2015 22:23 UTC

Return-Path: <jonathan@titanous.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F9C51A03C7 for <acme@ietfa.amsl.com>; Wed, 25 Mar 2015 15:23:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.701
X-Spam-Level:
X-Spam-Status: No, score=-2.701 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UvkUxJIo3ZEy for <acme@ietfa.amsl.com>; Wed, 25 Mar 2015 15:23:35 -0700 (PDT)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B92301A039A for <acme@ietf.org>; Wed, 25 Mar 2015 15:23:35 -0700 (PDT)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 2817E207E2 for <acme@ietf.org>; Wed, 25 Mar 2015 18:23:32 -0400 (EDT)
Received: from frontend2 ([10.202.2.161]) by compute4.internal (MEProxy); Wed, 25 Mar 2015 18:23:34 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=titanous.com; h= x-sasl-enc:content-type:mime-version:subject:from:in-reply-to :date:cc:content-transfer-encoding:message-id:references:to; s= mesmtp; bh=DoBvzdb7LDhGzO257bbOcO3KYzA=; b=VG9+SMKLVF8JMd7IOWAig tZaSGotACGBJQkNT7lm264392D3Wb0hZIBChOw5EkXom0v6VWj0r4/H6ckAqt6V5 bWq/4ejK1UIYQjRpQkRlKkG2znU97Zu1CDjbasxRZn8v9IP2moQIVelQVjQu/D9z bzyKvq3QfqbI1cxjYjcIvs=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=x-sasl-enc:content-type:mime-version :subject:from:in-reply-to:date:cc:content-transfer-encoding :message-id:references:to; s=smtpout; bh=DoBvzdb7LDhGzO257bbOcO3 KYzA=; b=hlXXa1PNKh2nzXbP/YzdeEc4HjIt5UXojIs2SJWeblbCPZoQkrNaTd4 3y8jJrhmiEkhmRLw5Nvm2BRlAQEzTk0m8BdHClqd7TNK6KpOXD5XMyPo0Zs9wcmk hboCeFhiPfgTQE6armMs/PhnFO+fcFfrtHfwHsqKaTLHSRi+YtPg=
X-Sasl-enc: mCTXkG7JciSncnbOISD2sp+mSTnp0xDB6ibqfbxxj+gO 1427322214
Received: from [10.0.1.144] (unknown [24.6.100.78]) by mail.messagingengine.com (Postfix) with ESMTPA id 532FA680105; Wed, 25 Mar 2015 18:23:34 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\))
From: Jonathan Rudenberg <jonathan@titanous.com>
In-Reply-To: <CABtrr-V4++ayD4UV32maWiOSLyg=r3Gj-HNnDaizQ_WoF_4PjQ@mail.gmail.com>
Date: Wed, 25 Mar 2015 15:23:33 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <80E8C15A-8AC3-4C67-A299-C79BB4018B46@titanous.com>
References: <92B826AA-48E3-454C-85A9-600F84D539DD@ericsson.com> <9F77199A-98B7-4963-8EA3-552405B5342F@titanous.com> <B4953448-093A-4DB7-B81D-B09FE31E7B3F@ericsson.com> <CABtrr-V4++ayD4UV32maWiOSLyg=r3Gj-HNnDaizQ_WoF_4PjQ@mail.gmail.com>
To: Joseph Lorenzo Hall <joe@cdt.org>
X-Mailer: Apple Mail (2.2070.6)
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/_c9vKqK3NSqyCQy1BIGGrQX43uE>
Cc: "acme@ietf.org" <acme@ietf.org>, John Mattsson <john.mattsson@ericsson.com>
Subject: Re: [Acme] High level comments on draft-barnes-acme (the GitHub version)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Mar 2015 22:23:37 -0000

> On Mar 25, 2015, at 3:15 PM, Joseph Lorenzo Hall <joe@cdt.org> wrote:
> 
> On Wed, Mar 25, 2015 at 2:42 PM, John Mattsson
> <john.mattsson@ericsson.com> wrote:
>> 
>> 
>> On 25 Mar 2015, at 13:24, Jonathan Rudenberg <jonathan@titanous.com> wrote:
>> 
>> 
>> On Mar 25, 2015, at 9:35 AM, John Mattsson <john.mattsson@ericsson.com>
>> wrote:
>> 
>> Hi,
>> 
>> Some high level comments on draft-barnes-acme (the GitHub version)
>> 
>> 
>> - Security:
>> The security of this seems to need some serious rethinking. The “Domain
>> Validation with Server Name Indication” challenge seems totally nonsecure,
>> allowing ANY on-path attacker to get certificates issued. I think this
>> challenge is unacceptable for certificate issuance and I think it should be
>> removed. Just because I let Amazon, Microsoft, Google or any other cloud
>> provider run my web server does not mean I give them the right to request
>> certificates for my domain.
>> 
>> 
>> Thanks for pointing this out.
> 
> This seems like a big deal, no? That is, since SNI is one of the few
> things not protected in the TLS handshake, it does seem spoofable. If
> there's not something I'm missing, it seems like the proposal should
> just drop DVSNI altogether.

An active MITM attacker could compromise the Simple HTTPS validation as well, this is not a threat model that any current DV challenges address.

Jonathan