IETF Logo Mail Archive

Re: [Acme] Short term certificates - two options

Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 21 July 2016 07:53 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9A4412DB5D for <acme@ietfa.amsl.com>; Thu, 21 Jul 2016 00:53:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SuxWiR883mRD for <acme@ietfa.amsl.com>; Thu, 21 Jul 2016 00:53:41 -0700 (PDT)
Received: from mail-wm0-x22e.google.com (mail-wm0-x22e.google.com [IPv6:2a00:1450:400c:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 43C7312DADB for <acme@ietf.org>; Thu, 21 Jul 2016 00:53:41 -0700 (PDT)
Received: by mail-wm0-x22e.google.com with SMTP id f65so12443265wmi.0 for <acme@ietf.org>; Thu, 21 Jul 2016 00:53:41 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=subject:to:references:cc:from:message-id:date:user-agent :mime-version:in-reply-to:content-transfer-encoding; bh=K2coebD+mv+SB488yPCN9fin4+BseWc/MfXBsMIM38s=; b=RWFG7Asz10DyYEve1f2raqZ59zCphzo1n0EFxdTASq+MTu9XsumKD5JtjCIHXZ6D9K on49235ZLMAlc/qwJ0s9tXHrPtezDIiGeszOehkNJB8Qer4R+GIhkZmszj+xwPImUmCi LY0SjDPN5pBW6XI5azc4S/x8ExiQeJLyCswGi4Zjvf2cn/RuAYqZoAoYDvr+vBs/lUB/ N432tgx2Ne/4McCDdSUnJnpIQSWB0lNwAhy2YTKUji/H/GAzF/nlq9oSmLURiwGazUEo odaCRIeb6X9cphZftJNZdNpYQFLKmrJT+EfEW2Q5j1P2wdis3wvVgxFrDZ1YcpkOCe7j q37g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:subject:to:references:cc:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding; bh=K2coebD+mv+SB488yPCN9fin4+BseWc/MfXBsMIM38s=; b=FP9pHNBeMgYe1JGCrY/cZ/z1Nj/7XCE7nj4o2IrRd93tHs24cgR5Ry79h37aQDfJ8U Vut3yqSdT695YfQG+eyv0TjKMl+71gubESiZx1VOMasq976JDqXKrIzpb3MOARCyBeRL uai1l8SHe4arEBAbspJWGnVjOWlLD9SGduxdnqiAyCmi5df3k37YyqbfjZh0Wof+mvRW +jCP5eH7mL8iaXcxtn5rCSoXyYwWkFkaP3hoKlmzDU1/GHt8dkGS4P/0J+xjO4qUOnKm 2M+Ao2luGo1/dww+WnZ3Y2sRkArNmVV9rsycv5Stj4WKu5e6Pzs8VRo8bcXt4FmlPS06 01Vg==
X-Gm-Message-State: ALyK8tKihz9ijJzvdJZ1UjcE8nxvhYANQWIEHe54ODbu1EZGmOAcQ+bxGmnJNGiZ6iHIsg==
X-Received: by 10.28.125.80 with SMTP id y77mr15128304wmc.25.1469087618807; Thu, 21 Jul 2016 00:53:38 -0700 (PDT)
Received: from ?IPv6:2001:67c:370:176:9e8:5a45:fe66:4a21? ([2001:67c:370:176:9e8:5a45:fe66:4a21]) by smtp.gmail.com with ESMTPSA id h1sm5053169wjc.19.2016.07.21.00.53.38 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 21 Jul 2016 00:53:38 -0700 (PDT)
To: Chris Drake <cnd@geek.net.au>
References: <826ed7ae-9358-a3fc-f816-bc5074395f99@gmail.com> <1769480434.20160721073216@CryptoPhoto.com>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Message-ID: <630161d7-3859-a030-2965-89ce6935661d@gmail.com>
Date: Thu, 21 Jul 2016 09:53:37 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0
MIME-Version: 1.0
In-Reply-To: <1769480434.20160721073216@CryptoPhoto.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/dLDHTVaJ32LE_BsV3fdxfs_wtxU>
Cc: ACME WG <acme@ietf.org>
Subject: Re: [Acme] Short term certificates - two options
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jul 2016 07:53:46 -0000

Hi Chris,

The LURK CDN use case is described here: 
https://tools.ietf.org/html/draft-mglt-lurk-tls-use-cases-02#section-5.3

Personally I care more about the case of the TLS server being part of 
the cloud infrastructure (e.g. Amazon ELB or even an on-premise F5 box), 
and talking to enterprise-based servers that hold the long-term credentials.

Thanks,
	Yaron

On 20/07/16 23:32, Chris Drake wrote:
> Hi Yaron,
>
> What is the use case for these?
>
> Kind Regards,
> Chris Drake
>
>
> Wednesday, July 20, 2016, 7:51:57 PM, you wrote:
>
> YS> Hi,
>
> YS> At the LURK BoF this week there was some interest in having a solution
> YS> where a domain owner can delegate to some other entity (which we will
> YS> call "the TLS server") the authority to terminate TLS connections on its
> YS> behalf, using short-term certificates. These certificates allow the
> YS> domain owner to terminate the TLS server's authorization when necessary,
> YS> without requiring certificate revocation - which we know doesn't work
> YS> reliably. The certificates' validity is measured in days, e.g. 3 days.
>
> YS> First, I would like to request the working group to adopt short-term
> YS> certificates as a charter item.
>
> YS> Second, I would like the group's advice in choosing between two very
> YS> different approaches to this problem.
>
>
> YS> Option 1: Certificate Pull
>
> YS> This option is documented in the LURK draft [1], which will be modified
> YS> to include feedback received this week, specifically to use more
> YS> traditional certification request (CSR) flows. But the basic idea is
> YS> very simple:
>
> YS> 1. TLS server generates a CSR once every 3 days for www.example.com,
> YS> sends it to the domain owner using an authenticated REST API.
>
> YS> 2. Domain owner validates the CSR, forwards it to ACME server, gets back
> YS> a short-term cert.
>
> YS> 3. Domain owner returns the cert to the TLS server.
>
> YS> If something bad happens, the domain owner simply stops forwarding
> YS> requests from this particular TLS server.
>
>
> YS> Option 2: Certificate Delegation
>
> YS> This option moves more of the responsibility to the ACME server.
>
> YS> 1. Domain owner contacts the ACME server and obtains a "delegation
> YS> ticket" which is specific to the TLS server. The ticket is good for a
> YS> long period, e.g. 1 year.
>
> YS> 2. TLS server regularly contacts the ACME server, proves ownership of
> YS> the delegation ticket, and receives a short-term certificate.
>
> YS> If something bad happens, the domain owner contacts the ACME server and
> YS> revokes the delegation ticket.
>
>
> YS> Comparison:
>
> YS> 1. Option 2 is clearly more complicated to specify and to implement.
>
> YS> 2. Option 2 extends the ACME protocol. Many clients can ignore it, but
> YS> servers will need to implement it.
>
> YS> 3. Option 1 requires the domain owner to have a server available
> YS> regularly, even if it is only a short REST interaction once every few
> YS> days. Option 2 doesn't require any such server.
>
> YS> 4. Option 1 looks to the ACME server as a normal cert request, and
> YS> therefore will swamp the CT logs with lots of short-term certs. With
> YS> Option 2, we can log to CT the issuance of the delegation ticket instead
> YS> of the actual certificates.
>
>
> YS> I would appreciate your input!
>
> YS> Thanks,
>
> YS>       Yaron
>
>
> YS> [1] https://tools.ietf.org/html/draft-sheffer-lurk-cert-delegation-00
>
>
>
>

v2.23.0 | Report a Bug | By Email