Re: [Acme] High level comments on draft-barnes-acme (the GitHub version)

James Kasten <jdkasten@umich.edu> Wed, 25 March 2015 22:48 UTC

Return-Path: <jdkasten@umich.edu>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7D8FC1A0063 for <acme@ietfa.amsl.com>; Wed, 25 Mar 2015 15:48:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1UuTEypNwfce for <acme@ietfa.amsl.com>; Wed, 25 Mar 2015 15:48:51 -0700 (PDT)
Received: from mail-ig0-f177.google.com (mail-ig0-f177.google.com [209.85.213.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94C5F1A1B25 for <acme@ietf.org>; Wed, 25 Mar 2015 15:48:50 -0700 (PDT)
Received: by igbqf9 with SMTP id qf9so38855718igb.1 for <acme@ietf.org>; Wed, 25 Mar 2015 15:48:49 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=FPKQlwsIQQnuYOgEgAkZ7vAmN6sAZFjSD+TZ9zjZrAk=; b=FwXui9tjZhITGLgfI2FaI1IPPc9AiTUEdV8mjKEosYxi0UBDscuIky9j9RBwbfaA/J JNhILysO/HYfjPkD/NYYPKqj4n+jywZpHj2aazw41dI0/Ur58qqMEWjxWO0w7DyD8s42 6S85a1X9HyVgPeuJUMKeThPBIQPxNl+9WDUFmbVT3agBrBcbeukCd7T1aprDnYPMe9+H T2iMBQczzefXwAB4JJwMnKZdWt8Unm6ReOFEJ2cFJRIBGM5Lu4gZ1Grz6gdJbB7+wiA1 Z05JAxEsbX3aa+fUFNvB1RXKfTB8xGB7vap4co46uS5X71TaDXNyBTm/NPzgowddZfIM lmEQ==
X-Gm-Message-State: ALoCoQmswW+NQZMm1e9KMn5bkqTiTOw5jTQbWfuKIIyppQhQRlwJo3Rzr6IxCZmUoYn9L1pAvyji
MIME-Version: 1.0
X-Received: by 10.50.49.43 with SMTP id r11mr33161432ign.18.1427323729428; Wed, 25 Mar 2015 15:48:49 -0700 (PDT)
Received: by 10.50.228.39 with HTTP; Wed, 25 Mar 2015 15:48:49 -0700 (PDT)
In-Reply-To: <CABtrr-Xv8z8fBjzwmqBVFo1JvBmZ40-69GbN9JqOZjzJRd7CPA@mail.gmail.com>
References: <92B826AA-48E3-454C-85A9-600F84D539DD@ericsson.com> <9F77199A-98B7-4963-8EA3-552405B5342F@titanous.com> <B4953448-093A-4DB7-B81D-B09FE31E7B3F@ericsson.com> <CABtrr-V4++ayD4UV32maWiOSLyg=r3Gj-HNnDaizQ_WoF_4PjQ@mail.gmail.com> <f4f8e8ed2e5e462da7943c807f880b09@usma1ex-dag1mb2.msg.corp.akamai.com> <CABtrr-Xv8z8fBjzwmqBVFo1JvBmZ40-69GbN9JqOZjzJRd7CPA@mail.gmail.com>
Date: Wed, 25 Mar 2015 15:48:49 -0700
Message-ID: <CAAEpsx_HP9CPfcVuZWqJ5cwTukx1QCfgV8DhH6jQBkQwfs-x-Q@mail.gmail.com>
From: James Kasten <jdkasten@umich.edu>
To: Joseph Lorenzo Hall <joe@cdt.org>
Content-Type: multipart/alternative; boundary=047d7bdca5b6df8106051224b38d
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/kR4qz9XEI1gFmwwNuFZWQ3HxZ80>
Cc: Jonathan Rudenberg <jonathan@titanous.com>, "Salz, Rich" <rsalz@akamai.com>, "acme@ietf.org" <acme@ietf.org>, John Mattsson <john.mattsson@ericsson.com>
Subject: Re: [Acme] High level comments on draft-barnes-acme (the GitHub version)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Mar 2015 22:48:53 -0000

> Having said that I was quite suprised that a new method was suggested.
> It IMHO mainly adds bloat.

It proves authoritative access over the server.  Changing the certificate
requires modifying the server configuration.  SimpleHTTP/S is vulnerable to
attackers who have filesystem access (PHP script etc) but don't necessarily
have authoritative permission over the server process itself.

DVSNI also doesn't require an HTTP server to perform the challenge.

On Wed, Mar 25, 2015 at 3:36 PM, Joseph Lorenzo Hall <joe@cdt.org> wrote:

> Cool, thanks for clarifying, all.
>
> On Wed, Mar 25, 2015 at 5:25 PM, Salz, Rich <rsalz@akamai.com> wrote:
> >
> >> This seems like a big deal, no? That is, since SNI is one of the few
> things not
> >> protected in the TLS handshake, it does seem spoofable. If there's not
> >> something I'm missing, it seems like the proposal should just drop DVSNI
> >> altogether.
> >
> > The SNI is protected (part of the message final MAC's) but it is not
> encrypted.
> >
>
>
>
> --
> Joseph Lorenzo Hall
> Chief Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> joe@cdt.org
> PGP: https://josephhall.org/gpg-key
> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme
>