Re: [Acme] tls-alpn-01 spec: TLS-SNI history
Ryan Sleevi <ryan-ietf@sleevi.com> Thu, 21 June 2018 14:56 UTC
Return-Path: <ryan-ietf@sleevi.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8422E130EA2 for <acme@ietfa.amsl.com>; Thu, 21 Jun 2018 07:56:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sleevi.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XZigjJmF08nj for <acme@ietfa.amsl.com>; Thu, 21 Jun 2018 07:56:38 -0700 (PDT)
Received: from homiemail-a102.g.dreamhost.com (homie-sub4.mail.dreamhost.com [69.163.253.135]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AF36E130DF0 for <acme@ietf.org>; Thu, 21 Jun 2018 07:56:38 -0700 (PDT)
Received: from homiemail-a102.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a102.g.dreamhost.com (Postfix) with ESMTP id EB3B12004E50A for <acme@ietf.org>; Thu, 21 Jun 2018 07:56:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sleevi.com; h=mime-version :in-reply-to:references:from:date:message-id:subject:to:cc :content-type; s=sleevi.com; bh=+d8qG+EOBOP53jG/hl3V0oFUsz4=; b= vuRtvZD/mqakjvEpUYj/uF9KzyR9VYaiMCxy8vlMEuqBxtNHChtcSt6iFRCk071O 7uovHMEn/UkDkTC7UHmVDNCSI7C73k90LqagRvVsYlb+5ZrmGP+GkDBTwhLiM3N9 0ayT2wcGE1vZSfdqpZYZlg3xEtU3pB7EEZMbyb8XZeo=
Received: from mail-it0-f43.google.com (mail-it0-f43.google.com [209.85.214.43]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: ryan@sleevi.com) by homiemail-a102.g.dreamhost.com (Postfix) with ESMTPSA id D776B2004E507 for <acme@ietf.org>; Thu, 21 Jun 2018 07:56:37 -0700 (PDT)
Received: by mail-it0-f43.google.com with SMTP id v83-v6so5187738itc.3 for <acme@ietf.org>; Thu, 21 Jun 2018 07:56:37 -0700 (PDT)
X-Gm-Message-State: APt69E3bnTM5KTDcQ7MXHsrfuDc7QczR5bik7bASwa3pguIb0MzedgTF QkXWvFl4JgheSXxSaQI6gPjJVL1Q6VR3Lu0GUkU=
X-Google-Smtp-Source: ADUXVKJMRUQD+kQGCC3VZ4EJTRhnJC2J66rYJhGp+2N6Lw2kVF1TpKxT9SkLV0YY112KQPk//uU5Neqx4ZDj+nf2Fec=
X-Received: by 2002:a24:1ad7:: with SMTP id 206-v6mr5389415iti.148.1529592997233; Thu, 21 Jun 2018 07:56:37 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a02:986a:0:0:0:0:0 with HTTP; Thu, 21 Jun 2018 07:56:36 -0700 (PDT)
In-Reply-To: <BN6PR14MB11060497CCB0337F3B8CEC4983760@BN6PR14MB1106.namprd14.prod.outlook.com>
References: <4A77AEB5-0982-47C2-86AC-BD99D8D9E6F3@felipegasper.com> <20180620093445.GA23561@LK-Perkele-VII> <BN6PR14MB11060497CCB0337F3B8CEC4983760@BN6PR14MB1106.namprd14.prod.outlook.com>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Thu, 21 Jun 2018 10:56:36 -0400
X-Gmail-Original-Message-ID: <CAErg=HHRx6e-4Y_7NQSN9KOtTL0iUuJ-K6Tz3BjDGEgyUoSR7A@mail.gmail.com>
Message-ID: <CAErg=HHRx6e-4Y_7NQSN9KOtTL0iUuJ-K6Tz3BjDGEgyUoSR7A@mail.gmail.com>
To: Tim Hollebeek <tim.hollebeek@digicert.com>
Cc: Ilari Liusvaara <ilariliusvaara@welho.com>, Felipe Gasper <felipe@felipegasper.com>, ACME WG <acme@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000404d21056f281f7c"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/nH4a8-1Nylw22zz-C0ZYzB6NVJc>
Subject: Re: [Acme] tls-alpn-01 spec: TLS-SNI history
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2018 14:56:41 -0000
On Thu, Jun 21, 2018 at 8:40 AM, Tim Hollebeek <tim.hollebeek@digicert.com> wrote: > > > TLS-ALPN addresses the latter problem by requiring the server_name to > match > > the validation target (which is AFACIT also required by the Baseline > > Requirements). This stops claiming arbitary names from allowing > > misvalidations. > > This was certainly the intent. Never in over two years of some pretty > detailed discussions about the mechanics of validation did anyone ever > propose it was reasonable to validate domain name A by contacting > the web server for a name that is not A (except for the approved the > _prefix > stuff). > That's not what is done under TLS-SNI. > I realize that after it was pointed out that TLS-SNI was horribly broken > in this regard, there were attempts by some to retroactively claim that > such behavior was compliant, but I always found those explanations a > bit tortured and unconvincing. Certainly if I a large commercial CA had > made them, they would have been laughed at and ridiculed. > Considering that large commercial CAs similarly interpreted the language as described, I don't think this claim is well-supported. At the time of TLS-SNI, it was seen as acceptable practice, and indeed, judging by the minutes, CAs that similarly interpreted it as such were actively participating in the validation WG and explicitly suggesting equivalent solutions. > I would actually love to work with some people on updating the CABF > method 10 validation requirements in order to properly express the > security requirements that ALPN-01 satisfies. The whole TLS-SNI > experience showed that Method 10 does not have sufficiently rigorous > requirements to guarantee it actually validates what it claims to validate. > Since the CABF VWG is currently working on adding more security rigor > to all the approved validation methods, it would be a great time to fix > up Method 10. > > ALPN-01 is a much better validation method, and I'm very thankful > to all the people who worked hard to come up with a replacement, > which as far as I can tell from looking at it briefly (I wish I had more > time) > looks pretty secure and robust. > I think it's good for CAs to look at improving validation requirements. I think an easier way, however, than that attempt to describe prosaically what TLS-ALPN expresses from guarantees is a simple and explicit requirement to use TLS-ALPN. To that end, the question for TLS-ALPN spec is whether it sufficiently expresses the expectations for where things go right - and the handling mode for errors along the way. Thus, if there is any time or energy for fixing Method 10, it seems that diverting it to TLS-ALPN and ensuring it's well-specified in terms of failure handling and expectations is the best way to achieve that laudable goal.
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Ryan Sleevi
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Tim Hollebeek
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Felipe Gasper
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Ryan Sleevi
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Tim Hollebeek
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Ryan Sleevi
- Re: [Acme] tls-alpn-01 spec: TLS-SNI history Ilari Liusvaara
- [Acme] tls-alpn-01 spec: TLS-SNI history Felipe Gasper