Re: [Acme] tls-alpn-01 spec: TLS-SNI history
Ryan Sleevi <ryan-ietf@sleevi.com> Thu, 21 June 2018 17:47 UTC
Return-Path: <ryan-ietf@sleevi.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73FE6130DEE for <acme@ietfa.amsl.com>; Thu, 21 Jun 2018 10:47:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sleevi.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zfdXzO1HdRYN for <acme@ietfa.amsl.com>; Thu, 21 Jun 2018 10:47:38 -0700 (PDT)
Received: from homiemail-a64.g.dreamhost.com (homie-sub4.mail.dreamhost.com [69.163.253.135]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 411B712F1A2 for <acme@ietf.org>; Thu, 21 Jun 2018 10:47:38 -0700 (PDT)
Received: from homiemail-a64.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a64.g.dreamhost.com (Postfix) with ESMTP id 30FA1A005B0C for <acme@ietf.org>; Thu, 21 Jun 2018 10:47:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sleevi.com; h=mime-version :in-reply-to:references:from:date:message-id:subject:to:cc :content-type; s=sleevi.com; bh=dIe11tWAXDHrjEz4W7492bk3AqM=; b= lCGX5DqfWagxPLMNsu4iHve0X2GdJ/hYtRLeBjuXzk0byzdNwT/rH5qLvrigq3Yb 145Z/JWbztsggkP5K7S9H6cnLoqP6I3X9+pYRdsEW6GrdLs6R4QyNhNRvaJdDm9Q oVG+kb/zSFHrd2qjcKH39lBSAix6S8zm8+PfxUNEkDM=
Received: from mail-it0-f54.google.com (mail-it0-f54.google.com [209.85.214.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: ryan@sleevi.com) by homiemail-a64.g.dreamhost.com (Postfix) with ESMTPSA id 1CE3AA005B0A for <acme@ietf.org>; Thu, 21 Jun 2018 10:47:37 -0700 (PDT)
Received: by mail-it0-f54.google.com with SMTP id a195-v6so5885548itd.3 for <acme@ietf.org>; Thu, 21 Jun 2018 10:47:37 -0700 (PDT)
X-Gm-Message-State: APt69E38iEUcPGx8jxsdm5tJGeRHE6lG0Qg2i8riuzSFV8g9GIKkfs6E 095SIeCvdpIeRklta/U3pMi6WeeG73lMcNIKKkI=
X-Google-Smtp-Source: AAOMgpd1tX7+YprMqZqwpDHTuP3aMjAot8W/RAoCByX7a413sXGAcMmMFVt0hmEH595Gj5CT6lmxiwDZ7/woArl/in0=
X-Received: by 2002:a02:778d:: with SMTP id g135-v6mr4420897jac.35.1529603256484; Thu, 21 Jun 2018 10:47:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a02:986a:0:0:0:0:0 with HTTP; Thu, 21 Jun 2018 10:47:35 -0700 (PDT)
In-Reply-To: <BN6PR14MB1106291A3DA763776CADBE7783760@BN6PR14MB1106.namprd14.prod.outlook.com>
References: <4A77AEB5-0982-47C2-86AC-BD99D8D9E6F3@felipegasper.com> <20180620093445.GA23561@LK-Perkele-VII> <BN6PR14MB11060497CCB0337F3B8CEC4983760@BN6PR14MB1106.namprd14.prod.outlook.com> <CAErg=HHRx6e-4Y_7NQSN9KOtTL0iUuJ-K6Tz3BjDGEgyUoSR7A@mail.gmail.com> <BN6PR14MB1106291A3DA763776CADBE7783760@BN6PR14MB1106.namprd14.prod.outlook.com>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Thu, 21 Jun 2018 13:47:35 -0400
X-Gmail-Original-Message-ID: <CAErg=HEfJHnPKWNcc-oU4akm0nvK5KRr98Mft8t3ZOX6Huu=Og@mail.gmail.com>
Message-ID: <CAErg=HEfJHnPKWNcc-oU4akm0nvK5KRr98Mft8t3ZOX6Huu=Og@mail.gmail.com>
To: Tim Hollebeek <tim.hollebeek@digicert.com>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>, Ilari Liusvaara <ilariliusvaara@welho.com>, Felipe Gasper <felipe@felipegasper.com>, ACME WG <acme@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c022ee056f2a8262"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/fnS-6QvPoMG9l3ksYe0thQuFcBQ>
Subject: Re: [Acme] tls-alpn-01 spec: TLS-SNI history
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2018 17:47:42 -0000
On Thu, Jun 21, 2018 at 1:40 PM, Tim Hollebeek <tim.hollebeek@digicert.com> wrote: > So the disagreement is whether the it is sufficient to merely use the name > for the > > DNS lookup, and then accept whatever happens afterwards, or whether the > intent > > was that the web page should be retrieved in much the same way as it is > retrieved by > > browsers. Matching them as closely as possible makes the validation more > reliable. > I think TLS-ALPN documents why this is true, but we know multiple CAs that implemented either TLS-SNI or alternatives viewed it the same at the time. I am greatly appreciative of hindsight being 20/20, but I think it's important to recall that it is hindsight. As part of the introduction of 3.2.2.4.10, CAs were actively discussing about how this avoids the need to do such matches, and the CA/Browser Forum Validation WG acknowledged it as a correct interpretation. This is not about strict interpretations - this is about documented and uncontested discussion in the Validation WG. However, as to the remainder of the message, it seems we're echoing each other - that a well-specified TLS-ALPN that concretely documents the processing mode is of great benefit to the community, both in terms of client implementers knowing what edge cases to expect that may cause an ACME server to reject their response, and ACME servers to consider in implementing when considering the validation level of the client's request. My hope, then, is that any energy that might be directed at trying to duplicate this work in 3.2.2.4.10 in the CA/Browser Forum might otherwise be more productively and holistically directed at this effort within the IETF and TLS-ALPN, allowing both broader participation and review, and resulting in a state such that 3.2.2.4.10 can simply be replaced, wholesale, with a statement "Using TLS-ALPN as specified is acceptable". > Unfortunately, historically, the requirements are underspecified, and > there is freedom > > to implement the validation mechanism badly. There are improvements > > that were discussed in the excellent discussion in Virginia, but even > today, we > > aren’t there yet. So yes, it is possible by using a very strict, > technical reading, > > an argument can be made that TLS-SNI is compliant. > > > > I’m just not a fan of that argument. When the BRs say “retrieve a […] web > page”, I > > believe that includes a responsibility to interpret that provision in a > way that meets > > the intent of the validation method, and doesn’t introduce security risks. > > > > -Tim > > >
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Ryan Sleevi
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Tim Hollebeek
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Felipe Gasper
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Ryan Sleevi
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Tim Hollebeek
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Ryan Sleevi
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Ilari Liusvaara
- [Acme] tls-alpn-01 spec: TLS-SNI history Felipe Gasper