IETF Logo Mail Archive

Re: [Acme] Obtaining the Tor hidden service descriptor for draft-ietf-acme-onion

Q Misell <q@as207960.net> Mon, 16 October 2023 18:10 UTC

Return-Path: <q@as207960.net>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21AA0C14F74E for <acme@ietfa.amsl.com>; Mon, 16 Oct 2023 11:10:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=as207960.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7o5sPleFZDOV for <acme@ietfa.amsl.com>; Mon, 16 Oct 2023 11:10:54 -0700 (PDT)
Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 39607C14CEF9 for <acme@ietf.org>; Mon, 16 Oct 2023 11:10:53 -0700 (PDT)
Received: by mail-wm1-x32d.google.com with SMTP id 5b1f17b1804b1-40572aeb6d0so47665855e9.1 for <acme@ietf.org>; Mon, 16 Oct 2023 11:10:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=as207960.net; s=google; t=1697479851; x=1698084651; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=T2HHE0mju40G1eWjqOLeJW2axuy55sm2/mrT6IcxoBs=; b=Ob6x5aR3fB+j5lpucWzozvJjnVHPL2zY3kwn3VYJ0m2uGKKimpiWwaBkhMZvQiiDG1 WIC+FlugktNJqg9WIDaszYaeQjcan48P0WEyF/s+fg+hsYwKnVhRjlZ8xwPxgNyOuMi9 k130QYDvlrHBrKxsLpal0P6r6ZOEkzx9I/XVR/0w79GdTIzUlbfuBTT11m2uvfKzavfw C55+x7fhtRZDgA9Tk8OpkaRC/0ZoaJq7q8JfUO0FqqUGKS9dySwNNplAp9Nry5b1MIB9 Vgl5ANMa9RgyhS6ssXE7/miheaFrITrCzSoyxUA2v2URvdWal5hkAtin19IEoAHmmeve 0T2g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697479851; x=1698084651; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=T2HHE0mju40G1eWjqOLeJW2axuy55sm2/mrT6IcxoBs=; b=QeC7pqRHbSFanAY0wLPD33EbBdTI1bbw3nFkyNqceegedzHz2yJrC0k1eFkZvNVCYN fvf/hBYGks2Z4DsH6VEwYGgex6SD7K7jrCmo0TqA27b6/Gos4D78b3BnjldS6rxHOSsH 7hkmAnEBRKYyxyrbU6L+wFRs/QyuexxWNPfsParmpBoObVdhDpRMm5StUBqxqhe2kGDA nOB4e3jzLoQKUxQwh4p3oUuaGpzlmKSqE6VWcwqfMgdOWY8Jo6uK1et2RyV2GMNrhsgg n+qQalLPCTsBkF8mOj1hEWpFZzb3AgxTW+O2RYlJoorjaJ75xiGz9Bruxv2EfOg3JcRq Viwg==
X-Gm-Message-State: AOJu0Yx0NDmnWIlS9m/li1V5iZD42nGc0087d5Z+Up3aIYKK/fOs75Nn Nbh15rFyPSjoIxVcfx3wSgpLx+pZ/QrmSdemP0Vmug==
X-Google-Smtp-Source: AGHT+IHBau05kIYxaHFEpXxIoHQ6frukbuudq77+IAPL/r4oXXcgRrG5ZKYsrEqQ3OPwgRHHcof6r2v6wJCFvPHje0U=
X-Received: by 2002:adf:cf03:0:b0:32d:a405:b6b7 with SMTP id o3-20020adfcf03000000b0032da405b6b7mr169010wrj.32.1697479851191; Mon, 16 Oct 2023 11:10:51 -0700 (PDT)
MIME-Version: 1.0
References: <CAMEWqGvnrgp=f4eO1nQ9hzzCnY2z-pxE8fyQvHnzTDYCx-jq6A@mail.gmail.com> <ZSWikYeVECjUrLM0@localhost> <CAMEWqGuJMA99nF8QCC+mJS3N1hSu3Gakvh+=bgo5H-VDgK8Z9g@mail.gmail.com> <CAMEWqGvN1n91eNZzZNfPQ89-Xoj-d9f_rPy0t_byneeDhxNStg@mail.gmail.com>
In-Reply-To: <CAMEWqGvN1n91eNZzZNfPQ89-Xoj-d9f_rPy0t_byneeDhxNStg@mail.gmail.com>
From: Q Misell <q@as207960.net>
Date: Mon, 16 Oct 2023 19:10:14 +0100
Message-ID: <CAMEWqGt-+xxw3amX17Q247L0HiirAz5aDy7YWPFfSDGp5iMH+g@mail.gmail.com>
To: rhatto <rhatto@torproject.org>
Cc: Q Misell <q=40as207960.net@dmarc.ietf.org>, IETF ACME <acme@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000008b519a0607d95338"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/dMScYDE6w6us_T0qD5mUUN_75Do>
Subject: Re: [Acme] Obtaining the Tor hidden service descriptor for draft-ietf-acme-onion
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Oct 2023 18:10:59 -0000

Hi all,

In-band CAA is now implemented on the reference CA at
https://acmeforonions.org and in the certbot-onion
<https://pypi.org/project/certbot-onion/> plugin.
draft-ietf-acme-onion-01 has also been published with the in-band CAA spec
(refined from my last email from issues that arose during implementation).

Cheers,
Q
------------------------------

Any statements contained in this email are personal to the author and are
not necessarily the statements of the company unless specifically stated.
AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
registered in Wales under № 12417574
<https://find-and-update.company-information.service.gov.uk/company/12417574>,
LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876
<https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU
VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №:
522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru
maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca
Digital, is a company registered in Estonia under № 16755226. Estonian VAT
№: EE102625532. Glauca Digital and the Glauca logo are registered
trademarks in the UK, under № UK00003718474 and № UK00003718468,
respectively.


On Fri, 13 Oct 2023 at 17:19, Q Misell <q@as207960.net> wrote:

> I've found some time to specify in-band CAA, a quick first draft is in the
> working draft[1]. Looking forward to hearing people's thoughts.
>
> [1]:
> https://as207960.github.io/acme-onion/draft-ietf-acme-onion.html#name-alternative-in-band-present
> ------------------------------
>
> Any statements contained in this email are personal to the author and are
> not necessarily the statements of the company unless specifically stated.
> AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
> Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
> registered in Wales under № 12417574
> <https://find-and-update.company-information.service.gov.uk/company/12417574>,
> LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876
> <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867.
> EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №:
> 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru
> maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca
> Digital, is a company registered in Estonia under № 16755226. Estonian VAT
> №: EE102625532. Glauca Digital and the Glauca logo are registered
> trademarks in the UK, under № UK00003718474 and № UK00003718468,
> respectively.
>
>
> On Tue, 10 Oct 2023 at 21:22, Q Misell <q@as207960.net> wrote:
>
>> Hi Silvio,
>>
>> Thanks for that info, that's quite helpful.
>>
>> I think the idea of allowing the client to just send the CAA lines signed
>> by its key would work well, and remove most if not all of the problems I've
>> been running into.
>> I'll work on implementing that in my draft, and see how difficult it'd be
>> to get that part only working in Boulder (as Let's Encrypt have already
>> indicated that they won't be implementing http-01 and tls-alpn-01 for
>> hidden services).
>>
>> Cheers,
>> Q
>> ------------------------------
>>
>> Any statements contained in this email are personal to the author and are
>> not necessarily the statements of the company unless specifically stated.
>> AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
>> Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
>> registered in Wales under № 12417574
>> <https://find-and-update.company-information.service.gov.uk/company/12417574>,
>> LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876
>> <https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867.
>> EU VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №:
>> 522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru
>> maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca
>> Digital, is a company registered in Estonia under № 16755226. Estonian VAT
>> №: EE102625532. Glauca Digital and the Glauca logo are registered
>> trademarks in the UK, under № UK00003718474 and № UK00003718468,
>> respectively.
>>
>>
>> On Tue, 10 Oct 2023 at 20:14, rhatto <rhatto@torproject.org> wrote:
>>
>>> On Thu, Sep 07, 2023 at 04:55:51PM +0100, Q Misell wrote:
>>> > I've had some discussion recently with the Tor project on
>>> implementation
>>> > hurdles for draft-ietf-acme-onion. One concern that has been raised by
>>> a few is
>>> > the need to run a Tor client to validate requests, even with
>>> onion-csr-01, due
>>> > to the inclusion of CAA in the draft.
>>>
>>> Hi Q, and thanks for bringing this up.
>>>
>>> > One solution proposed to this is that the ACME client MAY[1] send the
>>> hidden
>>> > service descriptor to CA as part of the finalize request. The CA also
>>> MAY
>>> > require this, if they do not wish to run a Tor client. This, to my
>>> knowledge,
>>> > wouldn't reduce the security of the validation of CAA, as the
>>> descriptor
>>> > document is still cryptographically validated in the same way using
>>> the current
>>> > network consensus. Additionally the directory authorities that serve
>>> > descriptors are already non-trusted actors in Tor.
>>> >
>>> > The CA would still need a copy of the network consensus document to
>>> verify
>>> > the descriptor submitted by the client. Most directory authorities
>>> however
>>> > are reachable over standard HTTP over TCP, in addition to HTTP over
>>> Tor.
>>> > This would allow the CA to fetch the current consensus without any
>>> > connection to Tor. The consensus fetched this way would still be
>>> verified
>>> > against the trusted directory authorities of Tor[2].
>>>
>>> Specifically, the "valid-after", "fresh-until", and "hsdir_interval" are
>>> the only consensus items needed to parse, decrypt and validate an Onion
>>> Service descriptor.
>>>
>>> > What are people's thoughts on this, and more importantly, what
>>> problems do
>>> > people see with this?
>>>
>>> After a lengthy discussion with Tor developers, we suggest the following
>>> options, prioritizing the least complex:
>>>
>>> 0. ACME clients MAY send "valid-after", "fresh-until" and "hs_interval"
>>>    along with the descriptor, which would allow the ACME Server to verify
>>>    CAA in a stateless way, without bootstrapping Tor to fetch the
>>>    descriptor and without fetching the network consensus.
>>>
>>> 1. Only the descriptor is sent by the ACME client, so the ACME server
>>> would
>>>    need to fetch and cache the network consensus.
>>>
>>> 2. The ACME client does not send the descriptor, leaving to the ACME
>>> server
>>>    the job of fetching it, as stated on draft-ietf-acme-onion-00.
>>>
>>> For options 0 and 1 above, there are two ways that a consensus (or just
>>> the
>>> needed items) can be fetched either by ACME clients or servers:
>>>
>>> a. Through the Tor network, from one of many directory caches.
>>>
>>>    As this involves bootstrapping Tor, it makes more sense for ACME
>>>    clients to do this fetching, as clients are probably already connected
>>>    to Tor in order to run an Onion Service or to make the ACME request
>>>    through Tor.
>>>
>>> b. Doing HTTP over TCP, or HTTP over Tor to the directory authorities.
>>>
>>>    While this is supported nowadays, it's not guaranteed to work in the
>>>    long term, since this method is deprecated in favor of the approach
>>>    above, and DirAuths may even stop serving the consensus directly by
>>> HTTP
>>>    at some point.
>>>
>>>    This also requires checking the DirAuths' signatures in the consensus
>>>    document.
>>>
>>> > Should this be incorporated into the draft?
>>>
>>> Yes, we support this idea, but also note that, despite parsing and
>>> validating an .onion descriptor being relatively straightforward, it
>>> involves more code to be maintained.
>>>
>>> We understand that signed CAA parameters could be accepted directly in
>>> an ACME API request without reducing security and the need to process an
>>> entire descriptor.
>>>
>>> --
>>> Silvio Rhatto
>>> pronouns he/him
>>> _______________________________________________
>>> Acme mailing list
>>> Acme@ietf.org
>>> https://www.ietf.org/mailman/listinfo/acme
>>>
>>

v2.23.0 | Report a Bug | By Email