IETF Logo Mail Archive

Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)

Felix Fontein <felix@fontein.de> Sun, 16 September 2018 15:37 UTC

Return-Path: <felix@fontein.de>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D935127B92 for <acme@ietfa.amsl.com>; Sun, 16 Sep 2018 08:37:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (4096-bit key) header.d=fontein.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id edWFykXfwUGn for <acme@ietfa.amsl.com>; Sun, 16 Sep 2018 08:37:51 -0700 (PDT)
Received: from fontein.de (fontein.de [82.220.91.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BB2F0120072 for <acme@ietf.org>; Sun, 16 Sep 2018 08:37:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=fontein.de; s=20160508; h=References:In-Reply-To:Subject:To:From:Date:Cc; bh=Ga3MI6q6OrUytHOVi3QKdQIM4kogRPwuAQ2F0JmWFVo=; b=V6sUdIxh3rp/7aNSuJNhq3zZsK FlaeWPV6VB6BxgNUuRbmwq7s133gDdBSd+Bl7VYJ8oT4TKYRM+LrsG2JHffiUGB1Ef+hJ89iYTbzi cxfdIKE+CE7yDsKMidFZXeIIhsEH1zdEeipI6e7rCSpDqRCkTUTjQ81QYe9h7bd+zgFMHV6QdAVf7 vFk6gwJVkrosQKsdED0a4ODQfeujokVLZ9eZS7w8BU38OsA6t/JlwmJ/etirBfwngBBC7D9R74NJ0 m9C2PoG0bbWz0vzFLfGeF162wbF/6suHGzpu9JG9tn+8VUlGEvpccTSZA+KX5YQz+LE5zJcBNqrrK /YKu4WPfy+8g40rhikKKqpdvYrXIE/HkUc1yrRC8Qe+nEjG0OQxjecLVnduw1OigP9BevMLODvb46 TsojBPds3u6qM5m3Gab/Pfq2NtwETCPEvy1zPkmyBD6DWfJv/TvUcg65xEV8RbLhrDeEiXHla3VIs iKzyMo9YMS/wk0FCOnFJMp0YRL3F4O06tFApVJ29T6kkWiVpNAXd0sqIMuHDoWVM6ZqEUatUI+jUy m9Ob6ee9TV9BLUs+DxzSIkXMDbJTkuhjitqnyYnsaHASwM9fqJQ9+8JNNtFX5UeUVxPkGVmg9luqX UHi/aLoBG+8Bj1CUeVxmixMcLm8mW9IOqLfojSdNw=;
Received: from 77-58-146-129.dclient.hispeed.ch ([77.58.146.129] helo=rovaniemi) by fontein.de with esmtpsa (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim) (envelope-from <felix@fontein.de>) id 1g1Z5G-0000mc-TY for acme@ietf.org; Sun, 16 Sep 2018 17:35:39 +0200
Date: Sun, 16 Sep 2018 17:35:37 +0200
From: Felix Fontein <felix@fontein.de>
To: acme@ietf.org
Message-ID: <20180916173537.1fe0d18d@rovaniemi>
In-Reply-To: <20180916015154.GU48265@kduck.kaduk.org>
References: <153556883241.14872.599302420878484743.idtracker@ietfa.amsl.com> <CAL02cgQoC1YAA1wjftoFSMBfm7Vi4KUXUQW633GZ5tM9VMMrmg@mail.gmail.com> <CAKnbcLgNrmqWp4BUz=c2-Y5NQ3FqfPe3-RqRp_ocWxv+c+jWWA@mail.gmail.com> <20180916015154.GU48265@kduck.kaduk.org>
X-Mailer: Claws Mail 3.17.1 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-Spam_score: -2.9
X-Spam_score_int: -28
X-Spam_bar: --
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/mL39nfvGnHXIZ7f2yobsFccAEOo>
Subject: Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Sep 2018 15:37:54 -0000

Hi,

> > >    [...] Secondly, the entropy requirement
> > >    prevents ACME clients from implementing a "naive" validation
> > > server that automatically replies to challenges without
> > > participating in the creation of the initial authorization
> > > request.
> > >
> > > IMPORTANT: I'm not sure I see how this applies to the HTTP
> > > mechanism -- couldn't you write a script to reply
> > > to .well-known/acme-challenge/<foo> with <foo>.<key thumbprint>
> > > for a fixed key thumbprint?  The validation server would ned to
> > > know about the ACME account in question, but not about any
> > > individual authorization request.  
> > 
> > It would also need to know the <foo> value, which is not provided
> > in the validation request specifically to avoid this.  
> 
> As I said above, "[w]ell now I'm really confused."  In the example
> HTTP challenge exchange (duplicated here):
> 
> GET /.well-known/acme-challenge/LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0
> Host: example.org
> 
> HTTP/1.1 200 OK
> Content-Type: application/octet-stream
> 
> LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0.9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI
> 
> Doesn't the path in the GET include the <foo>?

Yes, and some people are already using this to add a generic
authorization replier (which needs the thumbprint of the account key).
For example, the acme.sh client supports this "stateless mode" (as it
is called there):
https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode

(There currently is also a discussion in the Let's Encrypt community
forum about this, see
https://community.letsencrypt.org/t/xss-via-acme-implementations/72295;
this is because some implementations do not restrict the allowed input
and thus allow XSS attacks, as described here:
https://labs.detectify.com/2018/09/04/xss-using-quirky-implementations-of-acme-http-01/)

Cheers,
Felix

v2.23.0 | Report a Bug | By Email