IETF Logo Mail Archive

[Acme] AD Review: draft-ietf-acme-star-04

Eric Rescorla <ekr@rtfm.com> Mon, 24 December 2018 20:18 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FEA2131122 for <acme@ietfa.amsl.com>; Mon, 24 Dec 2018 12:18:25 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TNjjhkP5996V for <acme@ietfa.amsl.com>; Mon, 24 Dec 2018 12:18:22 -0800 (PST)
Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 57CC7131113 for <acme@ietf.org>; Mon, 24 Dec 2018 12:18:22 -0800 (PST)
Received: by mail-lf1-x133.google.com with SMTP id c16so8699240lfj.8 for <acme@ietf.org>; Mon, 24 Dec 2018 12:18:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to; bh=7axFdLXOf1GptXiZ6TRQCpx00q9DuY7/T+CXgmlXDdo=; b=jBSFBh9UD9wtRI1U+DUteEOiXOT4IJB5MeZSevR964TRKg54DWPox+g7edLlbWqstF N9gh6bToaZESAjwpMAhKAx9tL8jPPc/dbDppySsz69gUI2X3IWfUGR6ofsWrqIag4e/e Qww7bkYtR9svOTPLhbwHIfTflrw2G2Jhog88uqFvJircD9tk2qFUnKYfcn5omKSD22Xa U5SgkOIh6qrXVA4LPCk1nXy6Y1CPxs0ukrRGgrm17LHVHqgYt6RnLidUxgtk2WemZA5h EOjTRbNu4CZY0tCoZ5/NHcc8x3MYcgKQln8i9GKk1jGCWvkDlp/XwiUX+INvnMSljcvk XUtg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=7axFdLXOf1GptXiZ6TRQCpx00q9DuY7/T+CXgmlXDdo=; b=mB/Y8HTVXy4QRk67vOxDq235mkat177hk3A/0ST14PmPnclvWyNabASwRvgdl6QjZY SQT7P8PPcJlaDCIcNoPVRTAU0TeJaY5bidIArCJN+KjQXG0X+rYYfd53R7nd89tPii0g kJ8Kzq2fM+XqrKcfXDHMx5ktyC00nmhF5UkpW52Dqd77c1PaJp/H5L4V6PTw0f/kgOs6 0PuM/udiURnEIaJAFUEYeQ2I1iDLLSb7rVwgJhnQyZQdmekOcVtG5iy9S2TVXEUOvYQj ufyNf6t0s8gVZOPpBY3knzRsVU38I6MlU9FPFrh0RddyAUpHaa6iq8xmnuNGO5+JtcAH HtSA==
X-Gm-Message-State: AA+aEWYbjj522NW2sD0PXqHJWBDoXp7O9kU0dyuMt2NzdONG1QU4VlXy zX/9WQ7HEQxZh0wrUJ/y1ZhAJd0f2LrzcsK+ooflRA==
X-Google-Smtp-Source: AFSGD/Vkj+zERFLmZi4AMvBaSCvUz2msPBZCdmlGZVhPiVuot95OaUVCkg7tVcsZPjycLvGmTvYfe9aur9mMj8+z6k8=
X-Received: by 2002:a19:a9d2:: with SMTP id s201mr6737917lfe.154.1545682700475; Mon, 24 Dec 2018 12:18:20 -0800 (PST)
MIME-Version: 1.0
From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 24 Dec 2018 12:17:42 -0800
Message-ID: <CABcZeBMSXR_bQTf10mgBwvrjD=XZHughKvoE=kX7K6zDrY_qxw@mail.gmail.com>
To: draft-ietf-acme-star@ietf.org, IETF ACME <acme@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004c3475057dca4cde"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/a2bOpj0zDF6nRX_ybjTYA0d0K5c>
Subject: [Acme] AD Review: draft-ietf-acme-star-04
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Dec 2018 20:18:26 -0000

Rich version of this review at:
https://mozphab-ietf.devsvcdev.mozaws.net/D4723


After reviewing this document, I'd like to reconsider the proposed
status of this document. Based on Section 5, it doesn't appear that
there are any production implementations of this document. Are there
any existing or planned production implementations from live CAs or
clients?  If not, this seems like a better fit for Experimental.


IMPORTANT
S 3.4.
>         present and set to true, the client requests the server to allow
>         unauthenticated GET to the star-certificate associated with this
>         Order.
>
>      If the server accepts the request, it MUST reflect the key in the
>      Order.

it seems like some security considerations are needed here to prevent
enumeration.


S 4.1.
>      of clock-related breakage reports which account for clients that are
>      more than 24 hours behind - happen to be within 6-7 days.
>
>      In order to avoid these spurious warnings about a not (yet) valid
>      server certificate, it is RECOMMENDED that site owners pre-date their
>      Web facing certificates by 5 to 7 days.  The exact number depends on

I don't understand how this works. The client is able to provide the
notbefore date, which gives a pre-date for the first certificate, but
S 2.2 just says that the re-issue is "before the previous one
expires". So suppose it is currently 2018-07-15" and I ask for a
certificate with "recurrent-start-date=2018-07-10" and "recurrent-
certificate-validity=5", I thus get back a cert with validity
"2018-07-10 -- 2018-07-20", i.e., pre-dated by 5 days. The next
certificate needs to be issued on or before "2018-07-20", but the text
doesn't say when it's notbefore has to be, so it could have validity
"2018-07-19 -- 2018-07-25". It seems like this document needs to
specify an explicit way to pre-date, but it doesn't.


COMMENTS
S 1.
>      new short-term certificate is needed - e.g., every 2-3 days.  If done
>      this way, the process would involve frequent interactions between the
>      registration function of the ACME Certification Authority (CA) and
>      the identity provider infrastructure (e.g.: DNS, web servers),
>      therefore making the issuance of short-term certificates exceedingly
>      dependent on the reliability of both.

I don't see why this is the case. Once you have authorized once, the
CA can just return that no authorizations are required.


S 3.1.1.
>      o  recurrent-certificate-validity (required, integer): the maximum
>         validity period of each STAR certificate, an integer that denotes
>         a number of seconds.  This is a nominal value which does not
>         include any extra validity time which is due to pre-dating.  The
>         client can use this value as a hint to configure its polling
>         timer.

This text is confusing. The client produces the order, so how is it
using it as a hint.


S 3.1.2.
>
>      Issuing a cancellation for an order that is not in "valid" state has
>      undefined semantics.  A client MUST NOT send such a request, and a
>      server MUST return an error response with status code 400 (Bad
>      Request) and type
>      "urn:ietf:params:acme:error:recurrentCancellationInvalid".

This doesn't sound like undefined semantics. It's just illegal.

v2.23.0 | Report a Bug | By Email