Re: [Acme] Threat model for claiming domains

Rob Stradling <rob.stradling@comodo.com> Tue, 23 December 2014 12:34 UTC

Message-ID: <54996033.2@comodo.com>
Date: Tue, 23 Dec 2014 12:29:39 +0000
From: Rob Stradling <rob.stradling@comodo.com>
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Thunderbird/31.3.0
MIME-Version: 1.0
To: Richard Barnes <rlb@ipv.sx>
References: <CAHOTMVJdf8mQ-8_-ocHpfUA+N9v-S5VsBWgOVp1aFwDaWp3d0Q@mail.gmail.com> <CAL02cgSvc1sO-iH3J_c4f=A2CspKwG686DaSUC1JKLD4GRy__w@mail.gmail.com> <5497F5BB.9030002@comodo.com> <CAL02cgSLtiN0Q-KEWZLcG_YjrW0gtdrwJHF9e6W_FdkHR92aig@mail.gmail.com>
In-Reply-To: <CAL02cgSLtiN0Q-KEWZLcG_YjrW0gtdrwJHF9e6W_FdkHR92aig@mail.gmail.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/acme/m_G_A7y50rriCgOj7eAYvLvsbtc
Cc: "acme@ietf.org" <acme@ietf.org>
Subject: Re: [Acme] Threat model for claiming domains

On 22/12/14 14:29, Richard Barnes wrote:
> Hey Rob,
>
> Thanks for this.  The HTTP one looks more or less as I would have
> expected.  We should probably tighten up the ACME one to look more like it.
>
> With regard to the DNS validation:
> 1. Is there a reason you guys use CNAME instead of TXT?

Hi Richard.  I don't recall any particularly good reason for why we 
chose to use CNAME instead of TXT.  I think it was just a case of 
sticking with what we knew would work and with what our customers were 
more likely to already be familiar with.

> 2. W.r.t. using a subdomain vs. the name itself: When we wrote the
> current ACME spec, the thinking was that it might be possible for an
> applicant to provision a subdomain without being able to provision a
> record under the name itself.  For example, with my Dreamhost hosting
> account, I can register any records I want under "<md5>.dreamhosters.com",
> but I can't provision under "dreamhosters.com".  Are you accounting for
> this risk somehow?

I just started going through the signup process at www.dreamhost.com.  I 
see that it would be trivial to register the domain <md5>.dreamhosters.com.

IIUC, you're suggesting that there's a risk that Dreamhost might let you 
register a CNAME record for <md5>.dreamhosters.com that points to 
<sha1>.comodoca.com.
A colleague just said to me: "most shared hosts (like Dreamhost) 
designate that subdomain you request for webhosting and that it's 
incredibly unlikely (read: near-impossible) to get them to change their 
DNS for that to point anywhere other than their shared hosting servers."

BTW, the reason I came up with the idea of using CSR hashes was because 
we were trying to work around patented domain control methods that 
involve a CA-generated secret.

> I notice that there are mentions of an API in that document.  If you
> have other API documentation you could share, that could be useful.  In
> particular, it would make it easier to make ACME something that you guys
> could transition to :)

Here's the main page for our API documentation:
https://secure.comodo.com/api/

As PZB already noted, you can grab the latest versions of all of our API 
docs here:
https://secure.comodo.com/api/pdf/latest/

To see just the API docs that are relevant to SSL certs, look here:
https://secure.comodo.com/api/pdf/webhostreseller/sslcertificates/


BTW, I agree with PHB's summary at the top of this message...
http://www.ietf.org/mail-archive/web/acme/current/msg00096.html
...of how and why our APIs fall short of being ideal.

> --Richard
>
>
>
> On Mon, Dec 22, 2014 at 5:43 AM, Rob Stradling <rob.stradling@comodo.com> wrote:
>
>     Hi Richard.  This pdf has some more details on Comodo's other domain
>     validation methods...
>
>     https://secure.comodo.com/api/pdf/latest/Domain%20Control%20Validation.pdf
>
>     On 20/12/14 00:25, Richard Barnes wrote:
>
>         Hey Tony,
>
>         I just got around to thinking about this for a moment.
>         Obviously, our baseline here should be whatever the CAs are doing
>         today, since we have empirical evidence that those methods are
>         more or less OK.  I did a quick and dirty empirical survey of the
>         top few CAs this afternoon:
>
>         https://docs.google.com/a/ipv.sx/document/d/1KVKIS6abA2KL-yHvFsMql6U3qUjVhgO6p19Hzci0vQo/edit?usp=sharing
>
>         For the most part, they rely on sending an email to either the
>         registered WHOIS contact, or something like admin@domain.
>         GlobalSign supports validation based on a DNS record or a <meta>
>         tag in index.html.
>
>         With regard to your concern about services colocated on the same IP
>         (presumably for simpleHttps and DVSNI validation): This seems to
>         mostly be addressed by not allowing the ACME client to specify the
>         port that the ACME server connects to.  That means that the
>         attacker has to control not only something on the box, but the
>         default port for HTTP or HTTPS.  If that's not the case, normal
>         routing based on the Host header or SNI should ensure that the
>         validation request goes to the right place.
>
>         Nonetheless, I agree that more analysis would be useful, across
>         all the validation methods.
>
>         --Richard
>
>
>         On Mon, Dec 1, 2014 at 7:33 PM, Tony Arcieri <bascule@gmail.com> wrote:
>
>              Is there a published threat model for claiming domains? I
>              haven't been able to find it, but I'd certainly like to read it!
>
>              If we simply accept a service running on the same IP that a
>              given DNS name points to, there seems ample opportunity to
>              register certificates for services colocated on the same IP.
>
>              --
>              Tony Arcieri
>
>     --
>     Rob Stradling
>     Senior Research & Development Scientist
>     COMODO - Creating Trust Online
>
>
>

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ
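As an added example that is not part of this thread and not Comodo's own code: a Python sketch of the CNAME-based check Rob describes (a record at <md5>.<domain> pointing to <sha1>.comodoca.com). It assumes the two tokens are hex digests of the submitted CSR bytes and uses a constructed in-memory zone in place of a live resolver; the target is compared as a whole name rather than a suffix, so a CNAME to <sha1>.comodoca.com.<other-zone> does not pass.

```python
import hashlib
from typing import Callable, Optional

# Zone the validation CNAME must point into (named in the thread).
CA_ZONE = "comodoca.com"

# Constructed stand-in for a CSR; a real check hashes the bytes the applicant
# submitted. The thread does not say which encoding is hashed; DER is assumed.
SAMPLE_CSR = b"-- constructed CSR placeholder bytes --"


def csr_hashes(csr: bytes) -> tuple[str, str]:
    """MD5 and SHA-1 hex digests of the CSR: the <md5> and <sha1> tokens."""
    return hashlib.md5(csr).hexdigest(), hashlib.sha1(csr).hexdigest()


def expected_cname(domain: str, csr: bytes) -> tuple[str, str]:
    """Owner name and target the CA expects: <md5>.<domain> CNAME <sha1>.<CA_ZONE>."""
    md5, sha1 = csr_hashes(csr)
    return f"{md5}.{domain.lower()}", f"{sha1}.{CA_ZONE}"


def _normalize(name: str) -> str:
    # DNS names are case-insensitive; drop a trailing root dot as well.
    return name.rstrip(".").lower()


def validate_domain(domain: str, csr: bytes,
                    lookup_cname: Callable[[str], Optional[str]]) -> bool:
    """True only if the CNAME at <md5>.<domain> resolves to exactly
    <sha1>.<CA_ZONE>; a missing record or any other target fails."""
    owner, target = expected_cname(domain, csr)
    answer = lookup_cname(_normalize(owner))
    return answer is not None and _normalize(answer) == _normalize(target)


def sample_zone(domain: str, csr: bytes) -> dict[str, str]:
    """Constructed zone data standing in for a resolver: one correct record,
    published in uppercase with a root dot to show normalization at work."""
    owner, target = expected_cname(domain, csr)
    return {_normalize(owner): target.upper() + "."}


if __name__ == "__main__":
    zone = sample_zone("example.com", SAMPLE_CSR)
    print(validate_domain("example.com", SAMPLE_CSR, zone.get))  # True
```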
