IETF Logo Mail Archive

Re: [Acme] [EXT] Re: I-D Action: draft-ietf-acme-dtnnodeid-09.txt

Brian Sipos <brian.sipos+ietf@gmail.com> Thu, 08 September 2022 01:58 UTC

Return-Path: <brian.sipos@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4DD4CC1522A1 for <acme@ietfa.amsl.com>; Wed, 7 Sep 2022 18:58:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.104
X-Spam-Level:
X-Spam-Status: No, score=-6.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1ileMq9jVhWO for <acme@ietfa.amsl.com>; Wed, 7 Sep 2022 18:58:33 -0700 (PDT)
Received: from mail-il1-x12a.google.com (mail-il1-x12a.google.com [IPv6:2607:f8b0:4864:20::12a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8EE54C14CF1D for <acme@ietf.org>; Wed, 7 Sep 2022 18:58:33 -0700 (PDT)
Received: by mail-il1-x12a.google.com with SMTP id b17so8554294ilh.0 for <acme@ietf.org>; Wed, 07 Sep 2022 18:58:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date; bh=vphsw0Jk02zw+09h8Jhqi0qB/JXBWRKci3kiJH0mjQY=; b=YnnuM40qa3YWz7kab8OWVXcqfahNliAWz/g4YtIwENvK0cEWo6kT3OQ8lhqcuOwfdP BwiE4I9gxQCI3LeSdAghii+yGqz91zUl/e5nE7xo2QZUwOX8dp78LK1r8WwCnzh+X0Je 49NL1bbrqYzVhVHONiQRV/9l7kz/4pXbfw7r4rGyZW31uSwXGWS7SoVVgOlh8FGu8bWE A9N+SFUnzwnKpnRCFWaVj+v6cNiOuCumIvQdNAWu9OfCqEyk4U+BUd57+JQ0+WgvKiif W2x8okWjxTKwQzTerTLUYYFUJO8A4hj0gUYdMCGYnytvp5Dq7Q8jK/RMXRtpxwm2Xc5Z iL6w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date; bh=vphsw0Jk02zw+09h8Jhqi0qB/JXBWRKci3kiJH0mjQY=; b=OHFeUCuWCOofgbYwxpoSCjOcT0OC6UyKVkpv72UIyZdr0qmSr5/fG23FLLV44WB9iN iwCKgzdwgluKPO8tEYLWHGTghYtsxLLYqhBKSTYAOuHtHl1JrQDc1WvJcuzeNqYVSpj4 WEw0wulD11ILKL4UuYlv4HPD+Baio5pRQoSzY66ieGuC+amT8graaJutRwnKofW0Lg8y pK0NYU7DsX/yGTnKCOgo8Oez5hSMesVrXoFt00/tGYjMg2Oy9xarz08exTDDMM2yf4z4 5dPSSjPsFBuWFpjv2yV9AZjV+IDuZwOa2xRkDuPolmKzPNnbNCrasAQU9FYuc9P7qJiT YMpg==
X-Gm-Message-State: ACgBeo1Lb+U1dKrtNn/7/X4BVy4OtG5B1FSeGPEjSp7g7M5SKPs0QOl6 TAc4viHl4eddXx8Fgs+CSZSjw/aRq7OnmlHFRN8=
X-Google-Smtp-Source: AA6agR6fHY+KsqzEtCAyHr8UB4/vadTmySWfNtrVeVHtwnOtywksDyKMOPg4WJrnDVQObTuDxTWgfkZeBzj7FhmF+xo=
X-Received: by 2002:a05:6e02:1d8b:b0:2f1:6435:bfb5 with SMTP id h11-20020a056e021d8b00b002f16435bfb5mr695961ila.197.1662602312693; Wed, 07 Sep 2022 18:58:32 -0700 (PDT)
MIME-Version: 1.0
References: <164626769621.28373.14001307971144520385@ietfa.amsl.com> <CAM1+-gjWA9DYp1vuoaaQKSPHBe0ox-MWtWO3ZU7sPHsQBJeKtA@mail.gmail.com> <BN2P110MB1107FB763ED574E300071AE3DC159@BN2P110MB1107.NAMP110.PROD.OUTLOOK.COM> <CAGgd1OeLpu3AEYuYJDTk02TpqPMMSEys_QQOJC1EAyMH9O6-yg@mail.gmail.com> <CAGgd1OdYeTXGjC-Rf+vCJbYb4u-MXEaJsXfqkdZu9+D1XGco4A@mail.gmail.com> <54419b031a6f49d08e72c07644b00fd8@jhuapl.edu> <CAGgd1OdE=Cbo+q7EfEx8yifHE23JR+0BaaJeXN2ZyVVChCnmUQ@mail.gmail.com> <CAGgd1Ocb+CvBmMmJY5AWoHZRgoKK97ZimGzRLVBezJqRsN2rUQ@mail.gmail.com> <8a93caf4-a5b7-4c43-c2c2-56cd05161c1f@cs.tcd.ie>
In-Reply-To: <8a93caf4-a5b7-4c43-c2c2-56cd05161c1f@cs.tcd.ie>
From: Brian Sipos <brian.sipos+ietf@gmail.com>
Date: Wed, 07 Sep 2022 21:58:21 -0400
Message-ID: <CAM1+-gikUgjWKr-3T6NvFkxKewLS5YN_uhppiwYsmpMQVza8Gg@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Deb Cooley <debcooley1@gmail.com>, IETF ACME <acme@ietf.org>, Dorothy E Cooley <decoole@radium.ncsc.mil>, "Sipos, Brian J." <Brian.Sipos@jhuapl.edu>
Content-Type: multipart/alternative; boundary="000000000000403fa105e820c461"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/d3LZqB0kxkIdvumYI5q7VIbPtCs>
Subject: Re: [Acme] [EXT] Re: I-D Action: draft-ietf-acme-dtnnodeid-09.txt
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Sep 2022 01:58:35 -0000

Stephen,
All of your interpretations look correct to me; thank you for this
insightful review!

I can add a paragraph to Section 1.1 "Scope" explaining what the experiment
actually is and what it is not. I agree that the ACME validation is the
well-understood portion and the utility of the mechanism is the actual
experiment.

The rationale for Section 3.5 is really to maintain parity with the
existing ACME validation methods and to explain to implementations what
assumptions to avoid (e.g., there's no longer a prior known source endpoint
for the Challenge Bundle, keep responding until the client tells you to
stop). Even though this is getting into more complex scenarios than the
basic experiment of usefulness, I would like to keep the guidance in there
for consistency of logic if someone does want to use multi-perspective. The
whole thing is conditioned on "When required by policy ..." so it's really
all optional.

I am going to track proposed changes as part of a github ticket [1] and, if
you don't mind, would like to hash out any more details in that ticket and
an eventual pull request.
Thanks,
Brian S.

[1] https://github.com/BrianSipos/acme-dtnnodeid/issues/4

On Sat, Sep 3, 2022 at 4:38 PM Stephen Farrell <stephen.farrell@cs.tcd.ie>
wrote:

>
> Hiya,
>
> Someone asked me to look at this draft, so I did:-)
>
> On 18/08/2022 11:13, Deb Cooley wrote:
> > A reminder:  we need a few more eyes on this draft to move it forward.
>
> Overall, I think the draft is ready for experiments on which
> nothing much (yet) depends, but not ready for deployments
> that do need some predictable forms of security guarantee and
> I don't think that distinction is clear enough in the draft
> as of now. (Or, I missed it:-)
>
> The draft does aim to become an experimental RFC, which is
> good, but I think would benefit from some text saying that
> the practical security benefits from the mechanism described
> here is most of the experiment. (IOW, the experiment here is
> mainly about the security resulting from use of this protocol
> and not experimentation as to whether this protocol will
> otherwise work or not.)
>
> A few brief reasons for the above:
>
> - The emergent security properties of DTN naming and routing
> schemes are mostly unknowns if we compare those against what
> we know of security based on DNS and BGP (or email).
> - DTN routing is far likelier to involve nodes that broadcast
> or multicast or use spray-and-wait so there will be notably
> more on-path nodes who could cheat, not all of which will be
> "well known" (e.g. some passing data mule).
> - Last I know of, (which is a while ago) BIB deployment was
> still notional. That may have changed in some DTNs but I'm
> also unaware that DTN security mechanisms like the BIB are
> being used to secure bundles between independent DTNs.
>
> A not-quite-nit on the text itself: section 3.5 seems odd.
> I'm not sure for what DTN topologies this might make sense
> as an added security mechanism, but I'd not be surprised
> if it provided no added benefit, if the ACME server were in
> a well-connected region that has basically one gateway to
> each DTN that's less well-connected. I don't know if the
> ACME or DTN WGs considered that though, maybe they did, but
> I'd probably delete that section as figuring out whether
> such mechanisms add value for DTNs as they do for the DNS
> is part of the experiment I'd guess and so it'd be a bit
> soon to include such recommendations now.
>
> Cheers,
> S.
>
> >
> > Deb (and Yoav)
> >
> > On Thu, Jul 28, 2022 at 8:19 PM Deb Cooley <debcooley1@gmail.com> wrote:
> >
> >> Dear ACME,
> >>
> >> We need to get some eyes on this draft - draft-ietf-acme-dtnnodeid.  If
> >> you have time, please take a look and let us know whether you think it
> is
> >> ready (or make comments).  We are hoping to get this draft finished!
> >>
> >> Deb Cooley
> >>
> >> On Tue, May 24, 2022 at 5:29 PM Sipos, Brian J. <Brian.Sipos@jhuapl.edu
> >
> >> wrote:
> >>
> >>> All,
> >>>
> >>> I haven’t seen any reviews of the last draft version -09. I hope that
> the
> >>> closer alignment with RFC 8823 makes its understanding and analysis
> easier.
> >>>
> >>>
> >>>
> >>> *From:* Acme <acme-bounces@ietf.org> *On Behalf Of *Deb Cooley
> >>> *Sent:* Tuesday, May 24, 2022 7:39 AM
> >>> *To:* IETF ACME <acme@ietf.org>; Brian Sipos <
> brian.sipos+ietf@gmail.com>
> >>> *Cc:* Roman Danyliw <rdd@cert.org>; Dorothy E Cooley <
> >>> decoole@radium.ncsc.mil>
> >>> *Subject:* [EXT] Re: [Acme] I-D Action:
> draft-ietf-acme-dtnnodeid-09.txt
> >>>
> >>>
> >>>
> >>> *APL external email warning: *Verify sender acme-bounces@ietf.org
> before
> >>> clicking links or attachments
> >>>
> >>>
> >>>
> >>> Did we ever get reviews on the updated draft?  If not, can we get some
> >>> (or revive the) volunteers?
> >>>
> >>>
> >>>
> >>> Deb Cooley
> >>>
> >>>
> >>>
> >>> On Mon, Mar 21, 2022 at 7:12 AM Deb Cooley <debcooley1@gmail.com>
> wrote:
> >>>
> >>> It is on the agenda.  We will ask for volunteers to review.
> >>>
> >>>
> >>>
> >>> Deb
> >>>
> >>>
> >>>
> >>> On Sun, Mar 20, 2022 at 5:29 PM Roman Danyliw <rdd@cert.org> wrote:
> >>>
> >>> Hi!
> >>>
> >>>
> >>>
> >>> We’re past IETF LC in terms of document processing and -08 and -09
> appear
> >>> to have changed protocol behavior.  Since there hasn’t been any
> discussion
> >>> about this on the mailing list yet, I’d like to ask the WG to review
> these
> >>> changes (
> >>>
> https://www.ietf.org/rfcdiff?url1=draft-ietf-acme-dtnnodeid-07&url2=draft-ietf-acme-dtnnodeid-09
> ).
> >>> Please raise any objections by Friday April 1.
> >>>
> >>>
> >>>
> >>> Helpfully, this document is on the ACME meeting agenda tomorrow at IETF
> >>> 113.
> >>>
> >>>
> >>>
> >>> Regards,
> >>>
> >>> Roman
> >>>
> >>>
> >>>
> >>> *From:* Acme <acme-bounces@ietf.org> *On Behalf Of *Brian Sipos
> >>> *Sent:* Wednesday, March 2, 2022 11:27 PM
> >>> *To:* IETF ACME <acme@ietf.org>
> >>> *Subject:* Re: [Acme] I-D Action: draft-ietf-acme-dtnnodeid-09.txt
> >>>
> >>>
> >>>
> >>> All,
> >>>
> >>> I have posted an update to the Node ID Validation document which
> updates
> >>> references to now-published DTN RFCs (yay!) and adds algorithm agility
> for
> >>> the Key Authorization Digest to avoid the validation method being
> stuck on
> >>> SHA-256. It does add a publication dependency on the COSE hash
> document,
> >>> but that is in AUTH48 (though it's been stuck in that state for some
> time
> >>> now).
> >>>
> >>> Comments are welcome and can be discussed at the next IETF.
> >>>
> >>> Brian S.
> >>>
> >>>
> >>>
> >>> On Wed, Mar 2, 2022 at 7:35 PM <internet-drafts@ietf.org> wrote:
> >>>
> >>>
> >>> A New Internet-Draft is available from the on-line Internet-Drafts
> >>> directories.
> >>> This draft is a work item of the Automated Certificate Management
> >>> Environment WG of the IETF.
> >>>
> >>>          Title           : Automated Certificate Management Environment
> >>> (ACME) Delay-Tolerant Networking (DTN) Node ID Validation Extension
> >>>          Author          : Brian Sipos
> >>>          Filename        : draft-ietf-acme-dtnnodeid-09.txt
> >>>          Pages           : 31
> >>>          Date            : 2022-03-02
> >>>
> >>> Abstract:
> >>>     This document specifies an extension to the Automated Certificate
> >>>     Management Environment (ACME) protocol which allows an ACME server
> to
> >>>     validate the Delay-Tolerant Networking (DTN) Node ID for an ACME
> >>>     client.  The DTN Node ID is encoded as a certificate Subject
> >>>     Alternative Name (SAN) of type otherName with a name form of
> >>>     BundleEID and as an ACME Identifier type "bundleEID".
> >>>
> >>>
> >>> The IETF datatracker status page for this draft is:
> >>> https://datatracker.ietf.org/doc/draft-ietf-acme-dtnnodeid/
> >>>
> >>> There is also an HTML version available at:
> >>> https://www.ietf.org/archive/id/draft-ietf-acme-dtnnodeid-09.html
> >>>
> >>> A diff from the previous version is available at:
> >>> https://www.ietf.org/rfcdiff?url2=draft-ietf-acme-dtnnodeid-09
> >>>
> >>>
> >>> Internet-Drafts are also available by rsync at rsync.ietf.org:
> >>> :internet-drafts
> >>>
> >>>
> >>> _______________________________________________
> >>> Acme mailing list
> >>> Acme@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/acme
> >>>
> >>> _______________________________________________
> >>> Acme mailing list
> >>> Acme@ietf.org
> >>> https://www.ietf.org/mailman/listinfo/acme
> >>>
> >>>
> >
> >
> > _______________________________________________
> > Acme mailing list
> > Acme@ietf.org
> > https://www.ietf.org/mailman/listinfo/acme
>

v2.23.0 | Report a Bug | By Email