[Acme] How does ACME handle domain reuse?
SJ Kissane <skissane@gmail.com> Thu, 26 March 2015 05:26 UTC
Return-Path: <skissane@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D840C1ACD42 for <acme@ietfa.amsl.com>; Wed, 25 Mar 2015 22:26:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mnEHwmvqTrqq for <acme@ietfa.amsl.com>; Wed, 25 Mar 2015 22:26:24 -0700 (PDT)
Received: from mail-qg0-x22e.google.com (mail-qg0-x22e.google.com [IPv6:2607:f8b0:400d:c04::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7CBA21A89E0 for <acme@ietf.org>; Wed, 25 Mar 2015 22:26:24 -0700 (PDT)
Received: by qgfa8 with SMTP id a8so76214421qgf.0 for <acme@ietf.org>; Wed, 25 Mar 2015 22:26:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=TRdIWVs4ibzlE0tzo1j02milQWnSTqv4qFZLCVeRGI0=; b=d61QRJFu+Ard4W9TiXeLnKUNJ7hw7lC+466K5qtxuhW2D50c8klcqLLx6iDU67WD1p +gd8e9gp9mTCtJCW0ZQq5/KXhVVKNGZ3vPoPaN0eqZqfRs0UkBlaEdy9S0dv3jjHIYcg xGKc1MlTOCf0PvVT1OYYsIhUzky/jxJ6zCZeH1EBJulHLHBDp2hIr64iXg2nOJmGXKru VYUNiIoMQYbfPoebyug4KEeF1bVQrY+9p/XHNX0inA87AeGM/jKYu9cOA859QJWCBHmR YNeitBRgz4jF54EacT6Bk3WVOqEJqsOyvW9e9HtUlJJ4YkvWrV7oKVSxEArk2pEt8hju EL3A==
MIME-Version: 1.0
X-Received: by 10.140.195.5 with SMTP id q5mr16770766qha.58.1427347583873; Wed, 25 Mar 2015 22:26:23 -0700 (PDT)
Received: by 10.140.19.37 with HTTP; Wed, 25 Mar 2015 22:26:23 -0700 (PDT)
Date: Thu, 26 Mar 2015 16:26:23 +1100
Message-ID: <CACX070BWaf1MGMNkOO61JbrP4hP3P0PsMsR3Ozkad1eOHRrmoQ@mail.gmail.com>
From: SJ Kissane <skissane@gmail.com>
To: acme@ietf.org
Content-Type: text/plain; charset="UTF-8"
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/pYx2tKO_dYM-k_kqbhL6jd32Zek>
X-Mailman-Approved-At: Fri, 03 Apr 2015 10:27:11 -0700
Subject: [Acme] How does ACME handle domain reuse?
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2015 05:26:26 -0000
Hi Sally registers the domain example.com to host her website. She uses ACME to SSL protect it. Later, Sally loses interest in her website and decides not to renew example.com, and it expires. Steve wants to start a website - he notices that example.com is unregistered, so he registers it and opens his own website on it. He then tries to use ACME to SSL protect it. How should the ACME server distinguish this (entirely legitimate) domain reuse scenario from a domain hijacking attack? Steve doesn't know Sally, cannot rely on Sally to provide the recovery token. Steve might be very disappointed to discover he can't use ACME for SSL, simply because a previous registrant of the same domain name has already used it. How will ACME protocol handle this? One option is maybe the ACME server operator can scan WHOIS records to detect changes in domain ownership. This still might pose a problem for subdomains, e.g. if I allow other people to register under my example.com, and then one of the subdomain users sets up ACME, and then I want to use subdomain for something else, and then suppose I cannot get the former subdomain assignee to hand over the recovery token. Maybe we need a way in the protocol for a parent domain controller to revoke control of the child domain. So if I control example.com, and authenticate to ACME using example.com, I can then make ACME revoke foo.example.com, even if I don't know the recovery token for it. Or possibly, the right solution is non-technical: ACME server operator establish an out of band manual process to handle these scenarios. But, even if you decide that is the answer, the RFC should still discuss these scenarios, and require the ACME server operator to establish a policy/business process to handle them. Regards Simon
- [Acme] How does ACME handle domain reuse? SJ Kissane
- Re: [Acme] How does ACME handle domain reuse? Ted Hardie