Re: [Acme] Alternative proposal for fixing TLS-SNI / revisiting HTTPS-01 authorization
"Matthew D. Hardeman" <mhardeman@ipifony.com> Fri, 12 January 2018 16:46 UTC
Return-Path: <mhardeman@ipifony.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 35D1812D93E for <acme@ietfa.amsl.com>; Fri, 12 Jan 2018 08:46:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.911
X-Spam-Level:
X-Spam-Status: No, score=-1.911 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WGxtBjVotKZ6 for <acme@ietfa.amsl.com>; Fri, 12 Jan 2018 08:46:49 -0800 (PST)
Received: from mail.ipifony.com (mail.ipifony.com [199.71.210.39]) (using TLSv1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7E77612D87E for <acme@ietf.org>; Fri, 12 Jan 2018 08:46:49 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.ipifony.com (Postfix) with ESMTP id 0900FB4091A; Fri, 12 Jan 2018 10:46:49 -0600 (CST)
X-Virus-Scanned: amavisd-new at ipifony.com
Received: from mail.ipifony.com ([127.0.0.1]) by localhost (mail.ipifony.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zgq1z+LTuzxv; Fri, 12 Jan 2018 10:46:48 -0600 (CST)
Received: from [10.47.52.51] (68-117-162-146.dhcp.unas.al.charter.com [68.117.162.146]) by mail.ipifony.com (Postfix) with ESMTPSA id DD704B40911; Fri, 12 Jan 2018 10:46:47 -0600 (CST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: "Matthew D. Hardeman" <mhardeman@ipifony.com>
In-Reply-To: <20180112164233.GA31841@LK-Perkele-VII>
Date: Fri, 12 Jan 2018 10:46:47 -0600
Cc: "Gerd v. Egidy" <gerd.von.egidy@intra2net.com>, acme@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <EBAA4D8C-FBBA-427C-8BE7-07C98D4E3002@ipifony.com>
References: <1812883.r3FRolLa0t@thunder.m.i2n> <20180112164233.GA31841@LK-Perkele-VII>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/nnebxRUJCDYaog0cVCWSIK07KBw>
Subject: Re: [Acme] Alternative proposal for fixing TLS-SNI / revisiting HTTPS-01 authorization
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Jan 2018 16:46:51 -0000
> On Jan 12, 2018, at 10:42 AM, Ilari Liusvaara <ilariliusvaara@welho.com> wrote: > > On Fri, Jan 12, 2018 at 05:20:39PM +0100, Gerd v. Egidy wrote: >> >> The problem mentioned with running HTTP-01 over HTTPS was the default-vhost >> problem. But that could be avoided with checking the SAN like this: >> >> The client creates a self-signed certificate or uses a certificate signed >> by any CA as long as it carries the hostname he wants to challenge within >> the subject alternative names (SAN). >> >> The CA does the regular HTTP-01 request. But this request is via HTTPS >> and the CA sends the hostname via SNI. The CA does not do any validity or >> trust checks on the presented certificate except to check the hostname >> in the subject alternative names for authorization. >> >> I'd call this type of challenge "https-01" to let the client explicitly >> request this type of challenge in contrast to requesting "http-01" over >> http. > > That is still vulernable to default-vhost issues if: > > - The hoster does not explicitly reserve default vhost (I have seen that > kind of behavior with http:// too). > - The hoster lets customers upload arbitrary certificates. > > Note that this is strictly stronger condition than the one for TLS-SNI > vulernability, which only required capability to upload arbitrary > certificates, but not to control default vhost. > > (And there are countermeasures that can detect default vhosts). This vulnerability would also require that not only a customer can upload an arbitrary certificate but that they can cause that hosting infrastructure to present said certificate upon matching the SNI label being sent in, correct? Generally that would mean that the attacker would have to be the party in control of the default vhost correct?
- [Acme] Alternative proposal for fixing TLS-SNI / … Gerd v. Egidy
- Re: [Acme] Alternative proposal for fixing TLS-SN… Ilari Liusvaara
- Re: [Acme] Alternative proposal for fixing TLS-SN… Matthew D. Hardeman
- Re: [Acme] Alternative proposal for fixing TLS-SN… Gerd v. Egidy
- Re: [Acme] Alternative proposal for fixing TLS-SN… Matthew D. Hardeman
- Re: [Acme] Alternative proposal for fixing TLS-SN… Matthew D. Hardeman
- Re: [Acme] Alternative proposal for fixing TLS-SN… Ilari Liusvaara
- Re: [Acme] Alternative proposal for fixing TLS-SN… Matthew D. Hardeman
- Re: [Acme] Alternative proposal for fixing TLS-SN… Gerd v. Egidy
- Re: [Acme] Alternative proposal for fixing TLS-SN… Ilari Liusvaara
- Re: [Acme] Alternative proposal for fixing TLS-SN… Ilari Liusvaara
- Re: [Acme] Alternative proposal for fixing TLS-SN… Gerd v. Egidy
- Re: [Acme] Alternative proposal for fixing TLS-SN… Ilari Liusvaara
- Re: [Acme] Alternative proposal for fixing TLS-SN… Matthew D. Hardeman
- Re: [Acme] Alternative proposal for fixing TLS-SN… Ilari Liusvaara