IETF Logo Mail Archive

[Acme] Re: 回复: Re: 回复: [EXTERNAL] Re: Introducting a new draft about adding a new ACME challenge type: public key challgenge

Q Misell <q@as207960.net> Wed, 27 November 2024 13:35 UTC

Return-Path: <q@as207960.net>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4737DC16943C for <acme@ietfa.amsl.com>; Wed, 27 Nov 2024 05:35:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=as207960.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id J28K3wdSRQYj for <acme@ietfa.amsl.com>; Wed, 27 Nov 2024 05:35:19 -0800 (PST)
Received: from mail-yb1-xb30.google.com (mail-yb1-xb30.google.com [IPv6:2607:f8b0:4864:20::b30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2FD60C09037E for <acme@ietf.org>; Wed, 27 Nov 2024 05:34:57 -0800 (PST)
Received: by mail-yb1-xb30.google.com with SMTP id 3f1490d57ef6-e396c98af22so90862276.1 for <acme@ietf.org>; Wed, 27 Nov 2024 05:34:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=as207960.net; s=google; t=1732714497; x=1733319297; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=YMTiUKyvfVh7hH7YVC1sbpSNEbCY9dSmJcpiqAOcpq8=; b=ZdeK1sNYiuFsErYNmmNkrmqYSZe49kGpAOJy4hb3wy06YillwuEhUFGELYJpIyLzoT oebE7UdymrOP/XD25QCt3/z5Q54lNn/dU0hHTMoalNaI1eH6nGIB0qqg7mEiY70CSYCD 32QBCjWcs5Twvd+V30476MWw8IPgB9gxd3Y2axkd/fhkhOPR2whN4kVSfnAQrdYyrpFn IQPoZaNzdyUhJtLE+9+nCPrScTwZSR32duaN1rAoz3WeonB0nl05TX6IchpXGJyC/BLh Xcvxrfskq0Gb22pBubY5njImLE7NWxP+kaUPqUBpS4xPevNNFzhe9J/LICD9F9G5PBnh MpPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732714497; x=1733319297; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=YMTiUKyvfVh7hH7YVC1sbpSNEbCY9dSmJcpiqAOcpq8=; b=usKqNJBcZbXwSjlrNFkF958Y8ssf8JX3BOgnOXbtzIvENxOnaGLQF7JGgO4QKZ6qSW FY3nZEKQFbH9hz9Z5utjNGt1ZObc6iCB6ZpHs2K/iDhtrHasHN1B1nQdDqnaCYpj5X3N 5smH071YDIBkTocjnjojJubl+Q5vS136fybgc/OVr1KGUD4fArCyxz0iubwaWmMDaA1S KtB2rF1PKc4HgY04ko7HCRE/e51LYpGb1b9gsE53Ej9q6p1zfAaFPinG4CLVSNzuF3KY XCBV865gICugwq9iSKkUnkAQZGYDWysulWv5CxBRwZXnRZ2lBxRRA5B3f5+6cN7Dx6LG PnjA==
X-Forwarded-Encrypted: i=1; AJvYcCWqSPQDfC2yyOAXtDWlFjU7qBz1Q5351ypWxL8LlinKak72ZADiQ/AWNXspfeN838p7hnTX@ietf.org
X-Gm-Message-State: AOJu0YyDMMCl+4ds/1ayLAlh4R/0XKr5sp2LNWTpWUoE2uJxhBMe4/pA BbA9HBbTWMu9Uddy76q0XFVMDyzRK6zRofNfJg4vz/J4tlowcCi+7hwEqyxShQ7QRQR/cwP5GKj JWsJjmblNwgCzK5LGPIlpRAVsTWsUM58qK9ndFw==
X-Gm-Gg: ASbGnct9EAH0ZIxQpRHEPdpdeLMssWvaFDo03SK/1ZlX7UUiTGa55t6TE0wL7OpQa5e /rHNtzEXRkxR5rZ6N36bksAtpQMfrHPn8eDME+LTnNfjvjw==
X-Google-Smtp-Source: AGHT+IFSbIDGnShvfRownUS7PUIrsIzENOGIlOvQa9NjdFICz5YbRPva/94JycqsuSIyCsHFf8ttUyNK24zjb4uWLRY=
X-Received: by 2002:a05:6902:102d:b0:e38:8698:f84a with SMTP id 3f1490d57ef6-e395b86a0admr2693264276.11.1732714496785; Wed, 27 Nov 2024 05:34:56 -0800 (PST)
MIME-Version: 1.0
References: <1cef6a03e3b94cf0bbe9b0b4dea64203@huawei.com> <CAMEWqGsUDpdyc7opxYKNPpg6WnQCD56_5zaDUv6ysjrmYwG_Tg@mail.gmail.com> <CH0PR11MB573998C7B1781074E3E3133E9F2E2@CH0PR11MB5739.namprd11.prod.outlook.com> <73547adca6b4494faf2e5d3709c18c8b@huawei.com> <CAEmnErdyL9qkfQRw7USOX8-LYoCSQS7U0qCi1HQYkj_yWDiVBA@mail.gmail.com> <CAL02cgTCOwECrPpJ_WZghD0JO5ON_39mhfsDk1QaaQXRFOpCVg@mail.gmail.com> <8e0aebc38cc945bbab74dca308555ba1@huawei.com>
In-Reply-To: <8e0aebc38cc945bbab74dca308555ba1@huawei.com>
From: Q Misell <q@as207960.net>
Date: Wed, 27 Nov 2024 14:34:20 +0100
Message-ID: <CAMEWqGv6yR6x7i7a5ns_x3U0M7Wj8r4B=cA=v0W4nsBT-QzBdA@mail.gmail.com>
To: "Xialiang(Frank, IP Security Standard)" <frank.xialiang=40huawei.com@dmarc.ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001420730627e50831"
Message-ID-Hash: FSJ5XXW7UBID4MX3S3CY4M3TT4XLCYYX
X-Message-ID-Hash: FSJ5XXW7UBID4MX3S3CY4M3TT4XLCYYX
X-MailFrom: q@as207960.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-acme.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Richard Barnes <rlb@ipv.sx>, Aaron Gable <aaron@letsencrypt.org>, Mike Ounsworth <Mike.Ounsworth@entrust.com>, IETF ACME <acme@ietf.org>, "draft-geng-acme-public-key.authors@ietf.org" <draft-geng-acme-public-key.authors@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [Acme] Re: 回复: Re: 回复: [EXTERNAL] Re: Introducting a new draft about adding a new ACME challenge type: public key challgenge
List-Id: Automated Certificate Management Environment <acme.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/dRj96PmeX0eIQWIE5Ec8hn0tFlY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Owner: <mailto:acme-owner@ietf.org>
List-Post: <mailto:acme@ietf.org>
List-Subscribe: <mailto:acme-join@ietf.org>
List-Unsubscribe: <mailto:acme-leave@ietf.org>

Frank, External Account Binding refers to RFC8555 § 7.3.4.
------------------------------

Any statements contained in this email are personal to the author and are
not necessarily the statements of the company unless specifically stated.
AS207960 Cyfyngedig, having a registered office at 13 Pen-y-lan Terrace,
Caerdydd, Cymru, CF23 9EU, trading as Glauca Digital, is a company
registered in Wales under № 12417574
<https://find-and-update.company-information.service.gov.uk/company/12417574>,
LEI 875500FXNCJPAPF3PD10. ICO register №: ZA782876
<https://ico.org.uk/ESDWebPages/Entry/ZA782876>. UK VAT №: GB378323867. EU
VAT №: EU372013983. Turkish VAT №: 0861333524. South Korean VAT №:
522-80-03080. AS207960 Ewrop OÜ, having a registered office at Lääne-Viru
maakond, Tapa vald, Porkuni küla, Lossi tn 1, 46001, trading as Glauca
Digital, is a company registered in Estonia under № 16755226. Estonian VAT
№: EE102625532. Glauca Digital and the Glauca logo are registered
trademarks in the UK, under № UK00003718474 and № UK00003718468,
respectively.


On Wed, 27 Nov 2024 at 09:13, Xialiang(Frank, IP Security Standard)
<frank.xialiang=40huawei.com@dmarc.ietf.org> wrote:

> Hi Richard,
>
> Thanks for your comments, see inline:
>
>
>
> *发件人:* Richard Barnes <rlb@ipv.sx>
> *发送时间:* 2024年11月26日 23:09
> *收件人:* Aaron Gable <aaron@letsencrypt.org>
> *抄送:* Xialiang(Frank, IP Security Standard) <frank.xialiang@huawei.com>;
> Mike Ounsworth <Mike.Ounsworth@entrust.com>; Q Misell <q@as207960.net>;
> IETF ACME <acme@ietf.org>; draft-geng-acme-public-key.authors@ietf.org
> *主题:* Re: [Acme] Re: 回复: [EXTERNAL] Re: Introducting a new draft about
> adding a new ACME challenge type: public key challgenge
>
>
>
> Looking at this thread and the document, I think there are two plausible
> objectives here:
>
>
>
> 1. Restricting issuance to clients that perform some secondary
> authentication (as the document seems to propose)
>
> 2. Removing the CSR from the protocol (as Aaron suggests)
>
>
>
> A "pubkey" identifier type is the wrong solution for both.
>
>
>
> Goal (1) can be solved today with external account binding.  Build an
> external thing that does whatever vetting you want on a client, then bind
> the vetted account to the ACME account.  If you wanted to make this a
> little more automated, you could do something like an OAuth or OpenID
> integration, but pulling the entire wild world of user authentication into
> ACME is the wrong answer.
>
> [Frank]: Can you clarify more about “external account binding” you mean
> here? I think our proposal is one of the binding, which is feasible, and
> more importantly, automated. If there any other external account binding
> methods have the same effect?
>
>
>
> Goal (2) is might not an unreasonable idea, but I would be concerned about
> (a) compatibility impacts with subjects, (b) compatibility impacts with CA
> back-end APIs, and (c) new cross-protocol risks usage of the certificate
> subject key pair (signing some JOSE thing as well as being used in TLS, vs.
> CSR+TLS, which has been done forever).  Even if we wanted to do this, then
> you don't need the whole machinery of ACME challenges.  You don't need an
> extensible set of ways to validate an ECDSA key, you need one, and probably
> not even one per algorithm -- you could just define a JWS structure that
> was the moral equivalent of a CSR and have the client attach it to an order.
>
> [Frank]: Concur with your concerns. The current ACME 3-phase design is
> good and provides enough compatibility.
>
>
>
> B.R.
>
> Frank
>
>
>
>
>
> On Tue, Nov 26, 2024 at 9:55 AM Aaron Gable <aaron=
> 40letsencrypt.org@dmarc.ietf.org> wrote:
>
> Hi all,
>
>
>
> I agree that it would be beneficial for the ACME protocol to have a pubKey
> identifier type, and to have challenges which can be used to prove control
> over the corresponding private key. However, it seems that I believe this
> would be useful for entirely different reasons than the authors here, and I
> am currently unconvinced by the motivations presented here.
>
>
>
> I believe that a pubKey identifier type is useful for two reasons:
>
> 1) it allows the CSR to be removed from the finalize request, as it will
> no longer be carrying any information that is not already found in other
> parts of the ACME protocol; and
>
> 2) proof-of-possession allows the ACME server to respect keyCompromise
> revocation requests which are signed by the Subscriber key instead of only
> accepting those which are signed by the certificate key.
>
>
>
> It seems that this draft is arguing for the inclusion of a pubKey type and
> corresponding challenges from a security perspective: that an adversary
> might replace the CSR in the finalize request and thereby get issuance of a
> certificate containing a malicious key. I must admit I do not understand
> this threat model.
>
>
>
> If the adversary is simply a network adversary between the legitimate
> Client and Server, then they cannot replace the CSR: the finalize request
> is signed by the ACME client key and cannot be tampered with without
> invalidating that signature. If the adversary is on the ACME client host,
> and has access to the ACME client key, then the game is already lost --
> that adversary *is* the Subscriber for all intents and purposes, and has
> significant latitude: they can change the ACME client key to one the victim
> doesn't control, they can (generally, based on the architecture of most
> clients) complete HTTP-01 and DNS-01 challenges, and they can prove
> possession of any private key they like.
>
>
>
> So I think that this document needs to be overhauled in two ways:
>
> - more clearly motivating the threat model: what exactly is the security
> issue being solved, and why is it import that it be solved; and
>
> - more clearly motivating the solution space: how do proof-of-possession
> challenges mitigate the threat, and why are this particular set of proposed
> challenges the best way to do so.
>
>
>
> Aaron
>
> _______________________________________________
> Acme mailing list -- acme@ietf.org
> To unsubscribe send an email to acme-leave@ietf.org
>
> _______________________________________________
> Acme mailing list -- acme@ietf.org
> To unsubscribe send an email to acme-leave@ietf.org
>

v2.38.3 | Report a Bug | By Email | System Status