Re: [Acme] Call for adoption of draft-aaron-acme-ari-02
Aaron Gable <aaron@letsencrypt.org> Fri, 17 June 2022 23:48 UTC
Return-Path: <aaron@letsencrypt.org>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D597C159485 for <acme@ietfa.amsl.com>; Fri, 17 Jun 2022 16:48:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.853
X-Spam-Level:
X-Spam-Status: No, score=-2.853 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.745, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=letsencrypt.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FNpzxDGwJ5CM for <acme@ietfa.amsl.com>; Fri, 17 Jun 2022 16:48:39 -0700 (PDT)
Received: from mail-vk1-xa2c.google.com (mail-vk1-xa2c.google.com [IPv6:2607:f8b0:4864:20::a2c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83DECC14F724 for <acme@ietf.org>; Fri, 17 Jun 2022 16:48:39 -0700 (PDT)
Received: by mail-vk1-xa2c.google.com with SMTP id p83so2642547vkf.6 for <acme@ietf.org>; Fri, 17 Jun 2022 16:48:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=letsencrypt.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Zytq+dX7B0aCKRzVQz/Ghr2dJWGl3nuxcgDSw32C2I8=; b=gprhVIRRsd5IqjFoGIlfiSELgNm10eokEv4I3vwInqAoP00RIUvTeLaA57t0bo2HVM uhPza98ESmsW08Jb87XpsbTS0tscEIQ+d7FFWjFN7U0i2A7hqw2Vs5osME7fRbbG5hrp p+wc+RYf2CrAuiIACCmhOmN+LKrdp/EF78BD4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Zytq+dX7B0aCKRzVQz/Ghr2dJWGl3nuxcgDSw32C2I8=; b=vXgfA1SIFWMxwAPcpTR3tQHt3QhEU+ZH3FuI5BpX9mpiFqa2sgids/20F9q2g/I2Zy vU3sgMqbAZf7ZQjWdEFZ2c7HbSf+F6nvr1P9pEm+sfmFFRqTbr713Sy+WyAr+hDWuB1D 7Dbv8VkfK+bAmyJBGI8pGYvgpGkIqoJgBfXUkhe8eAeHOpCM7278HgYSpYDIYHFD2nFV JlflBpjqUfuwEr9XCpWn9bE6TD6X4TBxY60KtWsDaK6w0csSyJnR2k5v/CS9iUy8F+/T cxifjVqmNLP8lRxDelGbGuzK+5xOs7LHyFTuBe4Npgtytm2CjN2qvSATaQ257VrXR2Pv B8QA==
X-Gm-Message-State: AJIora/Rl/1gzAIUHCdTv4Uvn+e3WOFoVB+IPWEggpA/mxYdTnR/B7Z+ 01gqmwMOowWouksatE3hKKj02xOVQL4sxTpBnGZTPf4kkesl6kKA
X-Google-Smtp-Source: AGRyM1sT8ZAzXTo7+EZYcWGPMq8ziu+ZBzpkvnPTWcCocKQjedEk55f8gMkvRSPLOmS0SuRdjLlkAvLWZXPANrSO7f0=
X-Received: by 2002:a1f:f288:0:b0:35d:20f:ffc with SMTP id q130-20020a1ff288000000b0035d020f0ffcmr6232929vkh.1.1655509718551; Fri, 17 Jun 2022 16:48:38 -0700 (PDT)
MIME-Version: 1.0
References: <CAGgd1OevCu61rbCAOv1fcB-eFoRD6CMKnj=5Qy6XVqQroakR0g@mail.gmail.com> <59df1980-2a2a-2e49-09fa-91c1fbef4563@desec.io>
In-Reply-To: <59df1980-2a2a-2e49-09fa-91c1fbef4563@desec.io>
From: Aaron Gable <aaron@letsencrypt.org>
Date: Fri, 17 Jun 2022 16:48:27 -0700
Message-ID: <CAEmnEreNCz1t-qMS3aa0n0nFwMzi4UfDsyJdGkApWdkzD=PYbQ@mail.gmail.com>
To: Peter Thomassen <peter@desec.io>
Cc: Deb Cooley <debcooley1@gmail.com>, IETF ACME <acme@ietf.org>, Dorothy E Cooley <decoole@radium.ncsc.mil>
Content-Type: multipart/alternative; boundary="000000000000b264c105e1ad6438"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/mlP1SfqLgRmLXce9Jw87M94xIlc>
Subject: Re: [Acme] Call for adoption of draft-aaron-acme-ari-02
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Jun 2022 23:48:43 -0000
Apologies for the delay, vacation and then a work conference distracted me. Replies inline: On Mon, May 30, 2022 at 8:54 AM Peter Thomassen <peter@desec.io> wrote: > Hello, > > I have a hard time deciding whether the proposal is a good idea or not, > because the document does not contain sufficient information for me to make > up my mind. In particular, I only see a problem statement and a solution > proposal, but no reasoning on alternatives and why the proposal is the way > to go. > > This may be partly because I'm new to the list, but nevertheless, I think > a document in general should present some arguments for its existence. (But > I'm also happy with pointers to earlier messages on the list.) > You can find prior discussion in these threads: - https://mailarchive.ietf.org/arch/msg/acme/b-RddSX8TdGYvO3f9c7Lzg6I2I4/, the very original proposal, which discusses are variety of motivations and alternate implementations - https://mailarchive.ietf.org/arch/msg/acme/UMRzzS6yh-D6ViwjYt0fgx213qY/, my revival of the idea, which addresses some of the concerns in the original thread It's not my experience that RFCs in this space dedicate significant space in their text to discussing alternative designs, but if others would like to see a section like that added to the draft I'm happy to oblige. In particular, Section 1 states that clients renew certificates either > > a) at specific intervals, or > b) a specific amount of time before the certificate's expiration, or > c) when some percentage of the validity period has passed. > > I buy the argument that this causes problems with load spikes. > > > Cases b) and c) may be alleviated more easily (in particular: with no > client-side complexity, no protocol change, and no extra GET requests to > the server), by smearing the certificate validity period, at issuance, > randomly across 1%, e.g. between 100% and 101%, or between 99% and 100%. > > As a result, renewals would be attempted at random times of the day if the > validity is at least ~3 months. In general, that is achieved if the > smearing is designed to cover a full day. (This is assuming common web PKI > validity periods. For very short-lived (~days) certificates, one would have > to discuss whether such smearing would be too large a fraction of the total > period.) > I think that assuming that current common web PKI validity periods will persist into the future is not a great assumption. We already have things like ACME STAR (https://datatracker.ietf.org/doc/rfc8739/) encouraging certs with lifetimes on the order of days or hours. Renewal timing could be randomized on the client side as well. This would > also cover case a). While requiring a client upgrade, the ARI proposal does > so as well. If it is expected that clients will be sufficiently > upgrade-able in order to get ARI deployed, then what is the reasoning that > the same thing can't be achieved with client-side smearing? > Yes, of course clients could simply implement smearing on their own. But they have little motivation to do so -- there's no standard documenting how they should do so, and it's statistically rare that any one out of hundreds of millions of clients is the one affected by a given load spike. They can just retry and be fine. Having a standard for this provides a template or framework to encourage clients to all implement this in the same way. > I know that some clients do randomize, and it seems like that has not been > successful, otherwise we wouldn't have this draft. Is that the case? Why? > (And we should we have higher hopes for succeeding with ARI support on the > client side?) > > > IMHO, the proposal demands rather high cost (client-side change, > server-side change, protocol change, extra requests). Having some arguments > why it is worth it will make it much easier to decide whether it should be > adopted or not. > But most of the above points are just minor details. At the end of the day, randomization (whether on the server side or the client side) can only accomplish so much -- and that amount is not enough. Suppose that a CA revokes and replaces 100M certificates in a single day. Suppose further that, as you suggest, they smear their validity periods by 1%, meaning that clients will try to renew somewhere between 59 and 61 days after the incident. How many renewal cycles will it take for that 100M-cert-tall load spike to flatten back out into the whole 60 days of smooth issuance it previously covered? Random smearing cannot quickly fix a spike that large, while ARI could *immediately* start asking a small fraction of clients to renew, restoring normal issuance patterns within a single renewal cycle. Suppose that a CA suffers an incident and knows that they will have to revoke and replace 100M certificates in the next 24 hours. They could configure ARI to give all clients a renewal window in the past, encouraging every client that checks in to immediately renew their certificate, minimizing the real-world impact of a mass revocation event. And then they go immediately to the case described above, to prevent additional fallout. Both of these are important use-cases for ARI that have been discussed on this list previously, and which are not able to be served simply by randomly jittering validity periods or renewal times. I hope this provides more insight into why we've gone this direction with the design, and why the draft is important! Thanks, Aaron > Best, > Peter > > > On 5/24/22 13:30, Deb Cooley wrote: > > There has been some discussion of draft-aaron-acme-ari-02 on the mail > list, at working group meetings, and the technical concerns have been > addressed. > > > > Should the ACME WG adopt “Automated Certificate Management Environment > (ACME) Renewal Information (ARI) Extension” in draft-aaron-acme-ari-02? > > > > Please reply to this message within the next two weeks, by Tuesday, 7 > June 2022 to voice your support or opposition to adoption. > > > > On behalf of the ACME WG Chairs, > > Deb Cooley > > > > _______________________________________________ > > Acme mailing list > > Acme@ietf.org > > https://www.ietf.org/mailman/listinfo/acme > > -- > https://desec.io/ > > _______________________________________________ > Acme mailing list > Acme@ietf.org > https://www.ietf.org/mailman/listinfo/acme >
- [Acme] Call for adoption of draft-aaron-acme-ari-… Deb Cooley
- Re: [Acme] Call for adoption of draft-aaron-acme-… Peter Thomassen
- Re: [Acme] Call for adoption of draft-aaron-acme-… Aaron Gable
- Re: [Acme] Call for adoption of draft-aaron-acme-… Melinda Shore
- Re: [Acme] Call for adoption of draft-aaron-acme-… Peter Thomassen
- Re: [Acme] Call for adoption of draft-aaron-acme-… Deb Cooley