IETF Logo Mail Archive

Re: [Acme] SNI extension for tls-alpn-01 challenge in draft-ietf-acme-ip-05

Ryan Sleevi <ryan-ietf@sleevi.com> Wed, 24 April 2019 17:48 UTC

Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52DE6120118 for <acme@ietfa.amsl.com>; Wed, 24 Apr 2019 10:48:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.647
X-Spam-Level:
X-Spam-Status: No, score=-1.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EYnCZ9q8Pnrg for <acme@ietfa.amsl.com>; Wed, 24 Apr 2019 10:48:38 -0700 (PDT)
Received: from mail-ed1-f53.google.com (mail-ed1-f53.google.com [209.85.208.53]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6881F120117 for <acme@ietf.org>; Wed, 24 Apr 2019 10:48:38 -0700 (PDT)
Received: by mail-ed1-f53.google.com with SMTP id k92so16685478edc.12 for <acme@ietf.org>; Wed, 24 Apr 2019 10:48:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jaap/sFX8RaOd+yrnOQ/ZDPR1XZBSfVF1InG3Z7Bl2o=; b=tBNz5JuksHnKteB2NphfnejGN9u1voQebW51Pc5EU3vdw8kdV0CALTyoDZWsX72uew AFEBqpEUryCzVzS36+oeyQDeY3rRHhKAViLEzDmJS7/zbvXwd3E3fdEDqr9UfXbF8qWI rP2oO4y7pgI8GmEtvuBzAb2/CAKXVBljq3pWFR5+lrCWiF/8X6b/AtyfQAMnvLjcnoge RgJjFZI2InA/feHir8JbSq0RptqhLqwPoKWuNmlFeYsZ/4w8c9taPvG2SO3hqDWSTy/Z M181+FehnXvJExHVckkkBBElTMV2psIsjrR3XtgjFbIE1B/ex7oN4tOQFjvxXj9c+Asj y/FQ==
X-Gm-Message-State: APjAAAVosqgxM2kv3efk6ZLoFzculLv9qkqS8CbrFd7xntJoPUWaJYBW QoXVSVamkRI54HuY8LXc/wfvreP9
X-Google-Smtp-Source: APXvYqw4LxnlRbOrSrYKRvzWUgKXkdi33pNxntBzcfxMQLrLI/cK9R+ZhzQPFBMe1dnO9az2aUtgHg==
X-Received: by 2002:aa7:c510:: with SMTP id o16mr20113658edq.277.1556128116692; Wed, 24 Apr 2019 10:48:36 -0700 (PDT)
Received: from mail-wr1-f47.google.com (mail-wr1-f47.google.com. [209.85.221.47]) by smtp.gmail.com with ESMTPSA id br19sm3700679ejb.48.2019.04.24.10.48.36 for <acme@ietf.org> (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Wed, 24 Apr 2019 10:48:36 -0700 (PDT)
Received: by mail-wr1-f47.google.com with SMTP id s15so26309652wra.12 for <acme@ietf.org>; Wed, 24 Apr 2019 10:48:36 -0700 (PDT)
X-Received: by 2002:adf:eb87:: with SMTP id t7mr23765733wrn.39.1556128115833; Wed, 24 Apr 2019 10:48:35 -0700 (PDT)
MIME-Version: 1.0
References: <MN2PR18MB28457CCBEF6FFE2B70E286FCC3250@MN2PR18MB2845.namprd18.prod.outlook.com> <20190424142331.GA502878@LK-Perkele-VII> <CAErg=HFZSo5XF8x9WtC=5tCcXFN3xweg2ewMZSZwh0ON8kWaNw@mail.gmail.com> <20190424173439.GA503906@LK-Perkele-VII>
In-Reply-To: <20190424173439.GA503906@LK-Perkele-VII>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Wed, 24 Apr 2019 13:48:24 -0400
X-Gmail-Original-Message-ID: <CAErg=HF2jF_VXYMf9h7Fwv0kM-7nfA-Z5a98R9BSg1JOxTC8WA@mail.gmail.com>
Message-ID: <CAErg=HF2jF_VXYMf9h7Fwv0kM-7nfA-Z5a98R9BSg1JOxTC8WA@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>, Corey Bonnell <cbonnell@outlook.com>, "acme@ietf.org" <acme@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000091c51605874a4f4f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/eziUvctAhdGYFO9Df_HKewr6uo4>
Subject: Re: [Acme] SNI extension for tls-alpn-01 challenge in draft-ietf-acme-ip-05
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 17:48:40 -0000

On Wed, Apr 24, 2019 at 1:34 PM Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> > If that's roughly correct, would you agree a possible mitigation
> > (notwithstanding complexity concerns) 'could' be the use of a client
> hello
> > extension, echo'd by the server (thus confirming it understands the
> > protocol, and is not merely 'dumb' parsing but an active participant in
> the
> > TLS handshake), that indicates the IP being verified?
>
> The server must already acknowledge the IP address being verified.
>

I'm not sure how this conclusion is reached. Could you help me understand
more?


> And that mitigation does not work. If the NAT does not know about
> TLS-ALPN, it will not know about whatever extension that would be,
> and thus just copy it through straight to attacker, who can then
> freely reply.


I'm not sure why you say this. Your original threat model was that the TLS
SNI NAT box does something 'sensible' in the absence of SNI - and that the
attacker would not be able to terminate the handshake if SNI were absent.
If the proposal were to omit the SNI, while still making sure it's bound to
the request (via a separate extension), then as long as the TLS SNI NAT box
does the sensible thing for an SNI-less request, there's no additional
privilege.

If the issue is that the TLS SNI NAT box is *only* secure in the context of
DNS - and maybe it does something sensible absent an SNI, and maybe it's
terrible and fundamentally insecure absent an SNI - then what we're saying
is middleboxes are evil and fundamentally insecure ;)

v2.23.0 | Report a Bug | By Email