Re: [Acme] SNI extension for tls-alpn-01 challenge in draft-ietf-acme-ip-05
Ryan Sleevi <ryan-ietf@sleevi.com> Wed, 24 April 2019 17:48 UTC
Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52DE6120118 for <acme@ietfa.amsl.com>; Wed, 24 Apr 2019 10:48:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.647
X-Spam-Level:
X-Spam-Status: No, score=-1.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EYnCZ9q8Pnrg for <acme@ietfa.amsl.com>; Wed, 24 Apr 2019 10:48:38 -0700 (PDT)
Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6881F120117 for <acme@ietf.org>; Wed, 24 Apr 2019 10:48:38 -0700 (PDT)
Received: by mail-ed1-f53.google.com with SMTP id k92so16685478edc.12 for <acme@ietf.org>; Wed, 24 Apr 2019 10:48:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jaap/sFX8RaOd+yrnOQ/ZDPR1XZBSfVF1InG3Z7Bl2o=; b=tBNz5JuksHnKteB2NphfnejGN9u1voQebW51Pc5EU3vdw8kdV0CALTyoDZWsX72uew AFEBqpEUryCzVzS36+oeyQDeY3rRHhKAViLEzDmJS7/zbvXwd3E3fdEDqr9UfXbF8qWI rP2oO4y7pgI8GmEtvuBzAb2/CAKXVBljq3pWFR5+lrCWiF/8X6b/AtyfQAMnvLjcnoge RgJjFZI2InA/feHir8JbSq0RptqhLqwPoKWuNmlFeYsZ/4w8c9taPvG2SO3hqDWSTy/Z M181+FehnXvJExHVckkkBBElTMV2psIsjrR3XtgjFbIE1B/ex7oN4tOQFjvxXj9c+Asj y/FQ==
X-Gm-Message-State: APjAAAVosqgxM2kv3efk6ZLoFzculLv9qkqS8CbrFd7xntJoPUWaJYBW QoXVSVamkRI54HuY8LXc/wfvreP9
X-Google-Smtp-Source: APXvYqw4LxnlRbOrSrYKRvzWUgKXkdi33pNxntBzcfxMQLrLI/cK9R+ZhzQPFBMe1dnO9az2aUtgHg==
X-Received: by 2002:aa7:c510:: with SMTP id o16mr20113658edq.277.1556128116692; Wed, 24 Apr 2019 10:48:36 -0700 (PDT)
Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com. [209.85.221.47]) by smtp.gmail.com with ESMTPSA id br19sm3700679ejb.48.2019.04.24.10.48.36 for <acme@ietf.org> (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Wed, 24 Apr 2019 10:48:36 -0700 (PDT)
Received: by mail-wr1-f47.google.com with SMTP id s15so26309652wra.12 for <acme@ietf.org>; Wed, 24 Apr 2019 10:48:36 -0700 (PDT)
X-Received: by 2002:adf:eb87:: with SMTP id t7mr23765733wrn.39.1556128115833; Wed, 24 Apr 2019 10:48:35 -0700 (PDT)
MIME-Version: 1.0
References: <MN2PR18MB28457CCBEF6FFE2B70E286FCC3250@MN2PR18MB2845.namprd18.prod.outlook.com> <20190424142331.GA502878@LK-Perkele-VII> <CAErg=HFZSo5XF8x9WtC=5tCcXFN3xweg2ewMZSZwh0ON8kWaNw@mail.gmail.com> <20190424173439.GA503906@LK-Perkele-VII>
In-Reply-To: <20190424173439.GA503906@LK-Perkele-VII>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Wed, 24 Apr 2019 13:48:24 -0400
X-Gmail-Original-Message-ID: <CAErg=HF2jF_VXYMf9h7Fwv0kM-7nfA-Z5a98R9BSg1JOxTC8WA@mail.gmail.com>
Message-ID: <CAErg=HF2jF_VXYMf9h7Fwv0kM-7nfA-Z5a98R9BSg1JOxTC8WA@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>, Corey Bonnell <cbonnell@outlook.com>, "acme@ietf.org" <acme@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000091c51605874a4f4f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/eziUvctAhdGYFO9Df_HKewr6uo4>
Subject: Re: [Acme] SNI extension for tls-alpn-01 challenge in draft-ietf-acme-ip-05
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 17:48:40 -0000
On Wed, Apr 24, 2019 at 1:34 PM Ilari Liusvaara <ilariliusvaara@welho.com> wrote: > > If that's roughly correct, would you agree a possible mitigation > > (notwithstanding complexity concerns) 'could' be the use of a client > hello > > extension, echo'd by the server (thus confirming it understands the > > protocol, and is not merely 'dumb' parsing but an active participant in > the > > TLS handshake), that indicates the IP being verified? > > The server must already acknowledge the IP address being verified. > I'm not sure how this conclusion is reached. Could you help me understand more? > And that mitigation does not work. If the NAT does not know about > TLS-ALPN, it will not know about whatever extension that would be, > and thus just copy it through straight to attacker, who can then > freely reply. I'm not sure why you say this. Your original threat model was that the TLS SNI NAT box does something 'sensible' in the absence of SNI - and that the attacker would not be able to terminate the handshake if SNI were absent. If the proposal were to omit the SNI, while still making sure it's bound to the request (via a separate extension), then as long as the TLS SNI NAT box does the sensible thing for an SNI-less request, there's no additional privilege. If the issue is that the TLS SNI NAT box is *only* secure in the context of DNS - and maybe it does something sensible absent an SNI, and maybe it's terrible and fundamentally insecure absent an SNI - then what we're saying is middleboxes are evil and fundamentally insecure ;)
- [Acme] SNI extension for tls-alpn-01 challenge in… Corey Bonnell
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ryan Sleevi
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Corey Bonnell
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ryan Sleevi
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Michael Richardson
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Salz, Rich
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ryan Sleevi
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Michael Richardson
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Michael Richardson
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ryan Sleevi
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Michael Richardson
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ryan Sleevi
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Michael Richardson
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ryan Sleevi
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ilari Liusvaara
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ryan Sleevi
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ilari Liusvaara
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ryan Sleevi
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ilari Liusvaara
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ryan Sleevi
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Corey Bonnell
- Re: [Acme] SNI extension for tls-alpn-01 challeng… Ilari Liusvaara