Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-caa-07: (with DISCUSS and COMMENT)
Hugo Landau <hlandau@devever.net> Thu, 06 June 2019 06:52 UTC
Return-Path: <hlandau@devever.net>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B954F1201BC; Wed, 5 Jun 2019 23:52:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=devever.net
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CSuxYAKg_FLT; Wed, 5 Jun 2019 23:52:37 -0700 (PDT)
Received: from umbriel.devever.net (umbriel.devever.net [149.202.51.241]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3842D120182; Wed, 5 Jun 2019 23:52:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by umbriel.devever.net (Postfix) with ESMTP id 958621C055; Thu, 6 Jun 2019 08:52:33 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=devever.net; h= user-agent:in-reply-to:content-transfer-encoding :content-disposition:content-type:content-type:mime-version :references:message-id:subject:subject:from:from:date:date :received:received; s=mimas; t=1559803953; x=1577993314; bh=9jjc iWrP3FrFRf7Z79ZXMDXsJ2zrN1ej8EldMkb17iY=; b=ke+c4JMOjVFzA9C6SrR1 fWYeyxce2x8AdNP9n6W5/T1s5Cdb9Ik0fibTvJWhLU5egf7zPINoH97CbOG/73G3 YdX1EbLNRlQ88GIkJvdplk76bGW8IzgoB6JSLoPHjdHOercAQ5oJ7+j1z97deAjz vYv+DzikMIBFt6u5aufDTSXqrHFbmDZxk6p2snGqlfLaS+69iZHmO3MysPg1xOwk FkQxZEj16anhkppR5OyD3mPX6eFSTN0uRY6hZa/2xqy3Zirr98nxudpkp/20NrQl +fdSIpg2EojNzLXhJojhnEIKsZjpXhT8+yqjujBLaRtFoG/JCsKPUhcIleaObJFf Fg==
Received: from umbriel.devever.net ([127.0.0.1]) by localhost (umbriel.devever.net [127.0.0.1]) (amavisd-new, port 10026) with LMTP id ynl7pltFqURt; Thu, 6 Jun 2019 08:52:33 +0200 (CEST)
Received: from axminster (localhost [127.0.0.1]) by umbriel.devever.net (Postfix) with ESMTP id 40DDF1C032; Thu, 6 Jun 2019 08:52:33 +0200 (CEST)
Date: Thu, 06 Jun 2019 07:52:33 +0100
From: Hugo Landau <hlandau@devever.net>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, draft-ietf-acme-caa@ietf.org, Daniel McCarney <cpu@letsencrypt.org>, acme-chairs@ietf.org, acme@ietf.org
Message-ID: <20190606065232.GA14091@axminster>
References: <155899962263.692.16282630101807703064.idtracker@ietfa.amsl.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <155899962263.692.16282630101807703064.idtracker@ietfa.amsl.com>
User-Agent: Mutt/1.11.3 (2019-02-01)
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/lsg2h-4CM9ooJb4otUu1T8UuKcc>
Subject: Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-caa-07: (with DISCUSS and COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jun 2019 06:52:41 -0000
Sorry, I somehow missed this one. > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > I think we need to have some privacy considerations text about how this > mechanism exposes ACME account URLs, which are otherwise intended to be > unguessable, in the public DNS view. While ACME is generally intended > to remain secure in the face of such information disclosure, it does > have potential to enable some forms of correlation attacks, and could > lead to DoS attempts specific to a given account or accounts. I agree. How's this? Revelation of Account URIs -------------------------- Because CAA records are publically accessible, use of the "accounturi" parameter enables third parties to observe the authorized account URIs for a domain. This may allow third parties to identify a correlation between domains if those domains use the same account URIs. CAs MUST select and process account URIs under the assumption that untrusted third parties may learn of them. > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > I support Barry's Discusses (noting in particular that the "ca-" prefix is > not reserved for local use by RFC 8555). > > Did we consider supplying ABNF descriptions of the parameter values? In > particular, this would unambiguously specify whether optional whitespace > is admitted in the comma-separated list used by "validationmethods". I don't believe this was considered, but it seems like an improvement. How's this? The value of the "validationmethods" parameter MUST comply with the following ABNF {{RFC5234}}: value = [*(label ",") label] label = 1*(ALPHA / DIGIT / "-") > The shepherd writeup notes that there used to be hyphens in > "account-uri" and "accepted-challenges". It seems that rfc6844bis has > expanded the grammar to allow such hyphens; do we want to revisit their > removal from this document? Noting that rfc6844bis is also slated for > approval on this week's telechat, it may be worth updating the > references as well, regardless of the decision on hyphens. I agree we should change this to rfc6844bis, done. I'm neutral on reintroducing hyphens. I don't think it's worth doing, since there is now an implementation out there: <https://community.letsencrypt.org/t/acme-caa-validationmethods-support/63125> > Section 3 > > The presence of this parameter constrains the property to which it is > attached. Where a CAA property has an "accounturi" parameter, a CA > MUST only consider that property to authorize issuance in the context > of a given certificate issuance request if the CA recognises the URI > specified as identifying the account making that request. > > nit: perhaps "URI specified in the value portion of the accounturi > parameter" for maximum clarity? Changed to: The presence of this parameter constrains the property to which it is attached. Where a CAA property has an "accounturi" parameter, a CA MUST only consider that property to authorize issuance in the context of a given certificate issuance request if the CA recognises the URI specified in the value portion of that parameter as identifying the account making that request. > > Section 4 > > The presence of this parameter constrains the property to which it is > attached. A CA MUST only consider a property with the > "validationmethods" parameter to authorize issuance where the name of > the challenge method being used is one of the names listed in the > comma-separated list. > > nit: I'm not sure that we've really defined "challenge method" in the > sense it's used here. (We do define it in the sense of "names listed in > the comma-separated list", but it seems like this usage is trying to > refer to the actual actions taken by the CA to authorize the issuance > request. s/challenge/validation/ -- consistency. s/name/label/ -- consistency with the ACME Validation Methods IANA registry. Revised this a little to make things more watertight. The text of this section is now: A CAA parameter "validationmethods" is also defined for the "issue" and "issuewild" properties. The value of this parameter, if specified, MUST be a comma-separated string of validation method labels. A validation method label identifies a validation method. A validation method is a particular way in which a CA can validate control over a domain. The presence of this parameter constrains the property to which it is attached. A CA MUST only consider a property with the "validationmethods" parameter to authorize issuance where the validation method being used is identified by one of the validation method labels listed in the comma-separated list. Each validation method label MUST be either the label of a method defined in the ACME Validation Methods IANA registry, or a CA-specific non-ACME validation method label as defined below. Where a CA supports both the "validationmethods" parameter and one or more non-ACME validation methods, it MUST assign labels to those methods. If appropriate non-ACME labels are not present in the ACME Validation Methods IANA registry, the CA MUST use labels beginning with the string "ca-", which are defined to have CA-specific meaning. The value of the "validationmethods" parameter MUST comply with the following ABNF {{RFC5234}}: value = [*(label ",") label] label = 1*(ALPHA / DIGIT / "-") > > Section 5.2 > > I think this section may be predicated on an understanding of CAA > "issue"/"issuewild" parameters that does not match my own. (Note that > this includes the possibility that my understanding is incorrect.) > Specifically, my reading of draft-ietf-lamps-rfc6844bis-06 Section 4.2 > indicates that a given paramter is only defined for usage in a CAA > "issue" record at the explicit specification of the Issuer, and that the > Issuer alone determines their semantics. So when this text says that > parameters are not an effective control absent out-of-band establishment > of support, that's either a non sequitur or a tautology -- nobody has > any business adding parameters to an Issuer's CAA entry unless that > Issuer has told them to do so, full stop. > Granted, we are complicating things by providing a preestablished > specification for a set of parameters that an Issuer may choose to > incorporate by reference, but I don't see that as changing the fact that > the parameters are still specific to the given Issuer (and their CAA > entry). > Similarly, "MUST NOT assume" and "SHOULD also document" are repeating > requirements from rfc6844bis, when starting from my frame of reference > (and thus would not need to use the normative capitalization). I agree with your interpretation, and this interpretation is in fact explicitly stated in the IANA considerations section — but I don't think how this is worded currently is a problem. I mean, it's the security considerations section — it's not just there to add more normative requirements, but to point out ways you could shoot yourself in the foot. We need to spell it out for people. > Section 5.7 > > This seems perhaps more appropriate in the core CAA specification than > in this document. Conveniently, rfc6844bis is open and in IESG > evaluation... I've changed to rfc6844bis, but I don't think it's worth removing this. It was added on request, and applying more security properties to CAA is a good opportunity to remind people of this subtlety.
- [Acme] Benjamin Kaduk's Discuss on draft-ietf-acm… Benjamin Kaduk via Datatracker
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Hugo Landau
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Tim Hollebeek
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Benjamin Kaduk
- Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf… Hugo Landau