IETF Logo Mail Archive

Re: [Acme] Short term certificates - two options

Carl Wallace <carl@redhoundsoftware.com> Wed, 20 July 2016 11:05 UTC

Return-Path: <carl@redhoundsoftware.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 497B612D0F7 for <acme@ietfa.amsl.com>; Wed, 20 Jul 2016 04:05:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level:
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=redhoundsoftware-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZFb9B01bXUuW for <acme@ietfa.amsl.com>; Wed, 20 Jul 2016 04:05:02 -0700 (PDT)
Received: from mail-qk0-x235.google.com (mail-qk0-x235.google.com [IPv6:2607:f8b0:400d:c09::235]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14DAD12D54F for <acme@ietf.org>; Wed, 20 Jul 2016 04:05:00 -0700 (PDT)
Received: by mail-qk0-x235.google.com with SMTP id x1so41370343qkb.3 for <acme@ietf.org>; Wed, 20 Jul 2016 04:05:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhoundsoftware-com.20150623.gappssmtp.com; s=20150623; h=user-agent:date:subject:from:to:message-id:thread-topic:references :in-reply-to:mime-version:content-transfer-encoding; bh=yhy1QgvvX3G9b6LQtNrIYoP3Ugsvy0c9AlIRxm8/1Xg=; b=lDyPe614tp1pHK1YOJ+CoPavi/Xqh7qCVvU2usZCHnuI8Uv58OJGIsEDO82MilKg1B fnIdPJgxd0TfvvRCkGSEIkVlwU1EAVjiLwFg4RdD9OmZ6Ud+QQw6Ul4lpFuQVIxw8IeK KWeuqcM8Rd7XSf6SQdJ2HgexXYM7mdYklfIlqk1qyvFZYK0Gt3oBVRZvBE8M4neKrAU4 hdtfictEZT7v2gnKN7GXwRg72uaIsr9Mo/TSwAbd3IYeBNA2tTQGP2xpTHEb6ZLBwym4 XpuvVHtcWB3Nebm/VCEEO9di4C+naQvjmD78+vudrYrlF4/8pjdoutnLob93+iMDPo5w gTAw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:user-agent:date:subject:from:to:message-id :thread-topic:references:in-reply-to:mime-version :content-transfer-encoding; bh=yhy1QgvvX3G9b6LQtNrIYoP3Ugsvy0c9AlIRxm8/1Xg=; b=Q5F1KVYXow+J4ficS8TurQla+qKBQc42Ku3i+t6mgD29U9PdOdcXfXiUU7oSKsfoxv c/7cOUGUMnz9WBRcBSut/hdbzNyf+5pJ1o4BhTXfKng3szVV41U3TZCN4mY1ul7Jg3op uz4xgAIoxJhoU5BEsyApmB0mSUpeqRXkDPpfMGL+hdc6WiDrbsmgTX9ljsfIq3DHFQHe hQwI6+c6LP8aqBvWxp/Fl9EWzdiS/mFH4S4Fjif6mCxjf1KvHD0QAXkJn79SUr72iaVH dDbDEwT2klzgWHgRl4IppRTzCTEkn9ffRQym7P8XRgwH5RO7TrigL1LShn/jkzzZ6UgJ 36Iw==
X-Gm-Message-State: ALyK8tJeE671OoqmJ3pzZyS03OsIL41PiXsV5EN5S06v3zNI6WNCeZCRGWJ00DmMC6v+Xg==
X-Received: by 10.55.166.149 with SMTP id p143mr57685557qke.79.1469012699106; Wed, 20 Jul 2016 04:04:59 -0700 (PDT)
Received: from [192.168.2.28] (pool-96-255-23-4.washdc.fios.verizon.net. [96.255.23.4]) by smtp.gmail.com with ESMTPSA id u6sm1097361qtu.43.2016.07.20.04.04.55 (version=TLS1 cipher=AES128-SHA bits=128/128); Wed, 20 Jul 2016 04:04:57 -0700 (PDT)
User-Agent: Microsoft-MacOutlook/14.5.8.151023
Date: Wed, 20 Jul 2016 07:04:52 -0400
From: Carl Wallace <carl@redhoundsoftware.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, ACME WG <acme@ietf.org>
Message-ID: <D3B4CFB7.68DA1%carl@redhoundsoftware.com>
Thread-Topic: [Acme] Short term certificates - two options
References: <826ed7ae-9358-a3fc-f816-bc5074395f99@gmail.com>
In-Reply-To: <826ed7ae-9358-a3fc-f816-bc5074395f99@gmail.com>
Mime-version: 1.0
Content-type: text/plain; charset="UTF-8"
Content-transfer-encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/aCGGj1KCdJXddtGAK28WiwFCCPs>
Subject: Re: [Acme] Short term certificates - two options
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Jul 2016 11:05:04 -0000


On 7/20/16, 5:51 AM, "Acme on behalf of Yaron Sheffer"
<acme-bounces@ietf.org on behalf of yaronf.ietf@gmail.com> wrote:

><snip>
>
>
>Option 2: Certificate Delegation
>
>This option moves more of the responsibility to the ACME server.
>
>1. Domain owner contacts the ACME server and obtains a "delegation
>ticket" which is specific to the TLS server. The ticket is good for a
>long period, e.g. 1 year.
>
>2. TLS server regularly contacts the ACME server, proves ownership of
>the delegation ticket, and receives a short-term certificate.

Would there be an indicator in the certificate indicating it is
essentially a proxy certificate? Ideally, relying parties could confirm
the domain owner had a role in the issuance of the certificate.

>
>If something bad happens, the domain owner contacts the ACME server and
>revokes the delegation ticket.
>
>
>Comparison:
>
>1. Option 2 is clearly more complicated to specify and to implement.
>
>2. Option 2 extends the ACME protocol. Many clients can ignore it, but
>servers will need to implement it.

Option 2 could take the form of a non-critical extension. The flow could
be something along these lines:

- TLS server generates a key pair and sends request for delegation ticket
to the domain owner
- The domain owner prepares an X.509 extension containing the key (or key
identifier), any constraints (e.g., name or validity) and the domain
owner's signature covering that information
- TLS server includes the extension in the request for a certificate
(short lived or otherwise but always consistent with constraints in the
extension)
- CA issues a certificate containing the non-critical extension
- TLS clients that want to understand the delegation can verify the
extension, others would carry on without processing the non-critical
extension

If this were always a long-lived certificate, the pre-certificate
mechanism in CT could be adapted with the domain owner signing instead of
the log (or maybe using CT exactly and acting as a special case log), but
this would complicate issuance.

>
>3. Option 1 requires the domain owner to have a server available
>regularly, even if it is only a short REST interaction once every few
>days. Option 2 doesn't require any such server.
>
>4. Option 1 looks to the ACME server as a normal cert request, and
>therefore will swamp the CT logs with lots of short-term certs. With
>Option 2, we can log to CT the issuance of the delegation ticket instead
>of the actual certificates.
>
>
>I would appreciate your input!
>
>Thanks,
>
>      Yaron
>
>
>[1] https://tools.ietf.org/html/draft-sheffer-lurk-cert-delegation-00
>
>_______________________________________________
>Acme mailing list
>Acme@ietf.org
>https://www.ietf.org/mailman/listinfo/acme

v2.23.0 | Report a Bug | By Email