[Acme] Benjamin Kaduk's Yes on draft-ietf-acme-tls-alpn-06: (with COMMENT)

Benjamin Kaduk via Datatracker <noreply@ietf.org> Tue, 01 October 2019 01:07 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: acme@ietf.org
Delivered-To: acme@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C3699120096; Mon, 30 Sep 2019 18:07:28 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Benjamin Kaduk via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-acme-tls-alpn@ietf.org, Daniel McCarney <cpu@letsencrypt.org>, acme-chairs@ietf.org, cpu@letsencrypt.org, acme@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.103.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Benjamin Kaduk <kaduk@mit.edu>
Message-ID: <156989204879.24249.6112061930191061196.idtracker@ietfa.amsl.com>
Date: Mon, 30 Sep 2019 18:07:28 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/mddpHf1nGbFVQnD9GDKRQNRmRSI>
Subject: [Acme] Benjamin Kaduk's Yes on draft-ietf-acme-tls-alpn-06: (with COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Oct 2019 01:07:29 -0000

Benjamin Kaduk has entered the following ballot position for
draft-ietf-acme-tls-alpn-06: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-acme-tls-alpn/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Please respond to the ARTART review; there's some good comments in there
about constraining the permitted TLS versions/algorithms, the specifics
of the acme-tls/1 (non-)protocol, the use of a different certificate
model than RFC 5280, and the (non-)need to complete the TLS handshake.

Section 1

"Because no existing software implements this protocol" is not going to
age well; perhaps an approach more like "Because this protocol does not
build on a preexisting deployment base" would do better.

Section 7

   the provider.  When the TLS SNI challenge was designed it was assumed
   that a user would only be able to respond to TLS traffic via SNI for
   domain names they controlled (i.e. if User A registered Host A and
   User B registered Host B with a service provider that User A wouldn't
   be able to respond to SNI traffic for Host B).  This turns out not to
   be a security property provided by a number of large service
   providers.  [...]

Perhaps I'm misremembering, but I don't think this characterizes exactly
the situation that led to the TLS SNI challenge being deemed
irredeemable: the issues arise when User B *has not yet* registered Host
B, and either the registration validation at the provider was lax or
User A could connive to get into the default-SNI handler.  The *attack*
was possible even when User B has registered Host B, because the
validation used a subdomain, as we discuss below, but here we are
talking about the SNI routing, which needed to be for an unregistered
(or not-validly-registered) name.