IETF Logo Mail Archive

Re: [Acme] ACME signature mechanics

Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 18 December 2014 19:30 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8F14A1A9253 for <acme@ietfa.amsl.com>; Thu, 18 Dec 2014 11:30:48 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Kyyz2eDO1QE for <acme@ietfa.amsl.com>; Thu, 18 Dec 2014 11:30:37 -0800 (PST)
Received: from mail-wi0-x22d.google.com (mail-wi0-x22d.google.com [IPv6:2a00:1450:400c:c05::22d]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2B7FA1A1BD1 for <acme@ietf.org>; Thu, 18 Dec 2014 11:30:37 -0800 (PST)
Received: by mail-wi0-f173.google.com with SMTP id r20so2889046wiv.6 for <acme@ietf.org>; Thu, 18 Dec 2014 11:30:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:cc:subject :references:in-reply-to:content-type; bh=AmcKLgXbAxuo3NU82GpZqiXk+zqF3t/ZueghlTENxSE=; b=URv8hoWXGdYoz8DaBX3hqAIooim/RIR3WDNNevwmwOvAZpt/5W/smkwLxiW4Hut7ij meX5CnW7u6B7RACzmbP9sNhJOSDZHvzfls0HAjNf4j74qO2VVudqQ4TxIOmh29xOw9Nx //O9oFrZSNTsVpVOWCO8XtTZ02+zgFOfBqQcx2sHoh+oetApJyOa6VHdCoMFhj0xQo6t zClBoe9r+uiK97ln7YIHw/DtErjAhP8m+qedkvg1g8uI6ZZ67zFkvALsC1frKBV88Z78 iylxt3C8o4DvO8T8fk3j67Lvaiatz9butDHFlpmn1fVpGZPOITxe7iwhqaxWSFtQWeAV d8yg==
X-Received: by 10.180.108.205 with SMTP id hm13mr8292135wib.5.1418931032502; Thu, 18 Dec 2014 11:30:32 -0800 (PST)
Received: from [192.168.1.79] (52.16.14.81.rev.sfr.net. [81.14.16.52]) by mx.google.com with ESMTPSA id e7sm10056980wjf.18.2014.12.18.11.30.30 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Thu, 18 Dec 2014 11:30:31 -0800 (PST)
Message-ID: <54932B50.8060405@gmail.com>
Date: Thu, 18 Dec 2014 20:30:24 +0100
From: Anders Rundgren <anders.rundgren.net@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: Trevor Freeman <trevor.freeman99@icloud.com>, 'Phillip Hallam-Baker' <phill@hallambaker.com>
References: <548FF9E3.1020703@gmail.com> <CAL02cgT9iYqtX2Ui5XQYnj=yeF_QnSkKn-jE0D5d56WMzB5bBg@mail.gmail.com> <CAMm+LwjwG0dPTkByu5WZ_ev3xNxAMwunoc-A_VK4sKPSZXRYDw@mail.gmail.com> <006c01d01a33$2b086890$811939b0$@icloud.com> <CABkgnnWGQarDzpx-3f488OF2w3eyTV1iUr4GWyND+_avRHNZ6w@mail.gmail.com> <004901d01a94$55e9ebe0$01bdc3a0$@icloud.com> <54928827.9030009@gmail.com> <CAMm+Lwifqgt9e_i=froACzGW3bsY05KBiJJFBRJrqJcZrEqN8A@mail.gmail.com> <009d01d01af3$8013a2d0$803ae870$@icloud.com>
In-Reply-To: <009d01d01af3$8013a2d0$803ae870$@icloud.com>
Content-Type: multipart/alternative; boundary="------------040005020402030605050803"
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/fAJ-59eBf9Qp8-LTDE-aAP4dJVk
Cc: 'Richard Barnes' <rlb@ipv.sx>, acme@ietf.org, 'Martin Thomson' <martin.thomson@gmail.com>
Subject: Re: [Acme] ACME signature mechanics
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Dec 2014 19:30:48 -0000

On 2014-12-18 19:50, Trevor Freeman wrote:
>
> *From:*Acme [mailto:acme-bounces@ietf.org] *On Behalf Of *Phillip Hallam-Baker
> *Sent:* Thursday, December 18, 2014 4:34 AM
> *To:* Anders Rundgren
> *Cc:* Richard Barnes; Martin Thomson; acme@ietf.org; Trevor Freeman
> *Subject:* Re: [Acme] ACME signature mechanics
>
> On Thu, Dec 18, 2014 at 2:54 AM, Anders Rundgren <anders.rundgren.net@gmail.com <mailto:anders.rundgren.net@gmail.com>> wrote:
>
> Having worked with Europe's EAC (e-passport biometric data protection PKI),
> which works as described below, I would strongly recommend NOT using HTTPS
> client-certificate authentication because it doesn't fit a normal installation
> with an external security-proxy.
>
> */[TF] Strange, I have worked with similar constraints with cloud based services and this model worked just fine./*
>

It is possibly that I didn't completely understood the scenario you described but
you also need a trust anchor in the proxy end, don't you?  This seems to not work
with a CSR unless you already have a certificate.

What am I missing here?


> *//*
>
> *//*
>
> +1
>
> Part of the objective here should be to put the end customer in control by running their own issue point that is a proxy to a CA or another proxy. Binding the authentication to the transport means that the proof of possession can only be verified by the proxy which breaks the model.
>
> */[TF] If you trust the proxy enough to terminal the TLS then you trust it enough to pass a flag to indicate authentication succeeded/*
>
> */Have you considered what value the POP on a pkcs#10 actually delivers? It does not show the subject submitting the request is the same as the one in control of the key pair. It just proves to the CA the key pair is functional. /*
>

I agree that the PoP provided by PKCS #10 is essentially useless.
I got the impression that AMCE relies on other data to authenticate the request.

In the proxy systems I have worked with messages were checked for sanity before transferred to the secure world.

Related question:
http://www.ietf.org/mail-archive/web/acme/current/msg00143.html

Anders


> On top of which, it is really yucky to implement. The less time spent traveling unimplemented, unexplored and un-debugged code paths, the better.
>
> Minimal TLS stacks for embedded devices don't typically do client auth. See 'minimal'.
>

v2.23.0 | Report a Bug | By Email