IETF Logo Mail Archive

Re: [Acme] [Technical Errata Reported] RFC8555 (6950)

Lloyd W <lloyd.wood@yahoo.com> Mon, 08 January 2024 21:50 UTC

Return-Path: <eclipticplane2002@yahoo.co.uk>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7FBA2C151989 for <acme@ietfa.amsl.com>; Mon, 8 Jan 2024 13:50:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.365
X-Spam-Level:
X-Spam-Status: No, score=-4.365 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, FREEMAIL_REPLY=1, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, MIME_HTML_ONLY=0.1, MIME_HTML_ONLY_MULTI=0.001, MIME_QP_LONG_LINE=0.001, MPART_ALT_DIFF=0.79, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=yahoo.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v5SMASDf-c3X for <acme@ietfa.amsl.com>; Mon, 8 Jan 2024 13:50:34 -0800 (PST)
Received: from sonic308-18.consmr.mail.ir2.yahoo.com (sonic308-18.consmr.mail.ir2.yahoo.com [77.238.178.146]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 885EDC18DBAD for <acme@ietf.org>; Mon, 8 Jan 2024 13:50:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1704750631; bh=YHpLvVBmdCvLzwk1uFH0eTIWBpBkZev4ti4vSTPA1hQ=; h=From:Subject:Date:References:Cc:In-Reply-To:To:From:Subject:Reply-To; b=AqUjGwWluNSHs5jrHVIh/5K46BZNoqzNQg8SnumKNHuZVxySU6v0TnTq5FAgH2XyNQ9EdWdOf6ZrN3P3CRaS06N7FZeurl12ZZuTDU1GR3wBOAzWkzfrxG6sEiQeklzv2VaBgDsBKjxBj1FizObV42ciJLwNL4z7YbmodBC+Av1R77Dgx6db2v9EMuzWD7WP+COLdXLY680dQU2tuB4QQxuNSgIhaNKRDItSd2D1+ph5Bt/nsUgz3rbLOqEBtEmqAPzEZi/8g3XQRGfEXkJRZeQnIx5lXLle7lsHxcxuWuqL2VZDF7YlCPf3A4vPs6JjM8fDJ1X0wE2+BNuKc8tItw==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1704750631; bh=Us7GHiHej7SdL1BAqLUKg8qHT/zFEHbB0YQXW8j0TSz=; h=X-Sonic-MF:From:Subject:Date:To:From:Subject; b=piyPS5zG5UbWbF/fUdkzK0pMWarV+83ShZpl3hsLe2RaLleLgirEyHMlE2rmVzEGAYkQobjKhtdSxKU0BvNVUfKRq6fpLtlu6d3e7Zm9uIKXdaWhmle2Mu6ZDNBkYzJJOeF0W+RzgsEdQ44I8QIBuaiI+gBzcdcW72XNaMVlTP7Yjklv128DFxCa98esBCexuv9gE/8rFDGRkfVV/MuwpvR6TSOPN2o2jyAqi3F8VNkJ++tmV4+nj4XXmIB3frWmBKmq4Lib2SWeBhOQz27ODDvX+4WUkt0BkkwZ+6bei4DHuLc2QHZ2IOM77OFQrUb0JgUqW03VQaR2jIawU0Fh5Q==
X-YMail-OSG: mw5yYvgVM1kC_nU79LbRZDS3x.PTS0oROEZ60W995hooL9AmrpjUwncN0mCN1lT Arb.W9NNWsjVkoGBdqY9IMQ813HsyfTTcAQjKFxZuldCHLEwyJyBO2W72vLoRmnWSkldnCAiwdjC LyW9H8FKbo8zPa_Jy6x7FX.sL2vlY2QYu.C17u.A2a2_D1u40dqGtoV4LBVQTd_17a3keWQDS1AA 3YOGCDAyk2BLJ8D90azVgCQaJW8rgIu3SGNkhhnJB1MybJkR9R.Xa3Hs.vbID.boLVuP6xXyP7iY OBABKUKRgO4VSPl3eQ6Dw8afH6Noev_mTySrS1lAbOhmVaXbNdsRln8wvb5KjLX7ERMIgQR0qC0E evca5m5eZX2wFTyy29._EP0oiYa9XSeRDYQcJ1K_PxrlPPeZcxoGjs7r10S690SXtn1m1pAslhE1 4OXRFny5BrdJB5h2qlYaZa0e24k5Xsob._0sQ91vC0izmAT9yZIri8Il922SjrwpOd.iYB6me.wL G7IpWd3XSd6G5J1t2iL.bs4Sa3AkOi33lVq.w3qLUQmF3PBhr6Bb0kGBTerIakEt2jUKJt7C7WLn s5hVoLSCLT2s2g6tGvk_Cz_RUQd076kCu0eIdUQlzZNBznVkdQMr88qb3wDj373seReykN72733Z 4V6sVPLiVJOK9ZyjXdZURzt9X9TXmn3aBpIMn50rA7eXA_aniL4Vy.C4y7Ln9wej7EQwAhWx0ap1 qP7XV_KH32g2F7RWXZyYQe3Mkqr_7Oim2QpA7RJUpsgjCmoxrU7fOPPLlWPt4SfbgJjK7nugT3V0 .IRIlX7Ls5X6648BguEd6.M69CKYKso1GwGz0_kHUSgBWty4a5pp4FaRgfLrdf2HLp8uXyS4mrhF 7aMMw8PqRf0yEVAzLZm3ZjpQNF1j4usxBlpPl_s3C..C.5GBOkXZwVtcUGWcYIBE0CROt2kLihvk 2iSxbsqBdgR38GLBBFfhaoanBfxSFJLCRM98oJEFYCZ4aeD_FSfw6fYUDxCTRV62zbqkUq4Bg2Ug nWL3_SYA7z_ItUfbunjjzUhECfCM8EGwdQ5aGfLaHNM9_VZWHB6VXAEJ0DBSp7aJ.MnjnU1QlfQ0 fflIgpmHPKgGQ1rD6s5XUoOB61Zja7aVwxoFuV22nU0NpfEgjFCnXls2RFlLdyQScrQ5eV_yQQIS o.aQCVVMsyvEJAx7gYvcekctv.tgldxoUwFgdro8ByX4O2iFGrVo7Xga4QIJWgeuQ22hTO1VChFt l7EV9tQLEqZ5Y6mGPNd.ITOemkmauhJpik78sM2h240Be.q5iSdoeUWdEb68lbXfdl7ikZHDnMBx PmTCP60w0z0D4iJQbsI2cPHfalqPZIiVPusHlc.ImjwRuiYRqChFKHnyaDN82zjCb2GyNsQvy890 nNz.ih7PrxZuGiHFo6p8YmxerrSmURPYOoCaLjNZl.9sj69O9i6Kp5JUH6h.PXlHNbZCUQnS6A1f mw0iMjD8qLm8ecNCylWUlaALqQUMP_yWaoHVq5ICC6e87jchpO019uJAR4aMJLGT4zhvg25ahDrB FDYzSFUpDT4t16LWzSxKEYdaAJtrAFwn5yjp1bA1a5IH4z8ltj3wI.6yrO0aFzoX_Ck9RaixCRC0 pUERp5HOvIFd5K2M2XfOndGy8NfN9.AxsBA6wpd8VK1wTObSrHibTqw6epylrO1356IiSmoHOhwy gjVYXCreWRnQx8L6Qf8XYjsTyJdnhRfQmpNXVNj25hY6v2_z90INyAw68fxUH81bDGNvyJHMy4SZ MAO8lvaJXx_SJ701fmyOgWNAXF.W7e7XUKlZ_kTtn3PjQi4WGbo3wJ_3k.CHFCIqzI8i78_yObT4 Kwd1hLXUfZykXAeGq4r.kMg8jRAaCdBf4aZEDRw0hbF9tVHfYwUJIV9HWpyP3FyUweOUmodp26nI myg3xq1Sh0ejSRN44QNzhwEc1SHAMr3lPoc_XHI005KgXE672bT4U9GxP8i_6izcvn6UHQ3VbRep tm8oUk.v40r9ax26IzyYWsF4Re1DGYAwgYS.9cWC8w_6JBKHC113h0HYAxLUPX9i3N5bZjOnvhhy maG9bnr4xEBkGNgR1qvB8WnHB4dYDD8bqKmX2TVrUZLEKOwXr8_BguDTPgwOxYRNs6ow9OvxQjGs spbxKzRP1KBI9YcvyDImaSfiYmg29xkGf5ZCvfbcj5OuUeWsdRJQXXNr9KzwNNdbxMitblmYBuy. olYWjF3PrduFmn2ngj8hiWOhe4Nrl9TbSoECpQmDB1yUEi5ZYcSWnFpUfCXxjcjFqwBy2XEmoY9Q pq5Rg.0TBpw--
X-Sonic-MF: <eclipticplane2002@yahoo.co.uk>
X-Sonic-ID: 34ae31c1-85b0-4d2a-87d0-82cea9221389
Received: from sonic.gate.mail.ne1.yahoo.com by sonic308.consmr.mail.ir2.yahoo.com with HTTP; Mon, 8 Jan 2024 21:50:31 +0000
Received: by hermes--production-gq1-6949d6d8f9-ghhkt (Yahoo Inc. Hermes SMTP Server) with ESMTPA ID a604d2cd55e4858b5f0de82df6d84756; Mon, 08 Jan 2024 21:50:28 +0000 (UTC)
Content-Type: multipart/alternative; boundary="Apple-Mail-600550CC-7C89-47CD-BA8A-32DD436B6751"
Content-Transfer-Encoding: 7bit
From: Lloyd W <lloyd.wood@yahoo.com>
Mime-Version: 1.0 (1.0)
Date: Tue, 09 Jan 2024 08:50:14 +1100
Message-Id: <289F6970-1D9E-4937-AC30-0A2E30731C7A@yahoo.com>
References: <CAGgd1OceuyVxeudN9UKnmPNZbU7iE1M6EEHj1o8Ofb-ATyyY-A@mail.gmail.com>
Cc: lloyd.wood@yahoo.co.uk, rlb@ipv.sx, jsha@eff.org, jdkasten@umich.edu, rdd@cert.org, ynir.ietf@gmail.com, acme@ietf.org, RFC Errata System <rfc-editor@rfc-editor.org>
In-Reply-To: <CAGgd1OceuyVxeudN9UKnmPNZbU7iE1M6EEHj1o8Ofb-ATyyY-A@mail.gmail.com>
To: Deb Cooley <debcooley1@gmail.com>, The IESG <iesg@ietf.org>
X-Mailer: iPad Mail (21C62)
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/sfYwSiIJbDc082ytDACkunq5lhQ>
X-Mailman-Approved-At: Tue, 09 Jan 2024 03:27:40 -0800
Subject: Re: [Acme] [Technical Errata Reported] RFC8555 (6950)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jan 2024 21:50:38 -0000

I _think_, two years ago, I was very interested in entropy, and how this Base64 specification seemed to us to be quite sloppy and open to misinterpretation, with expectations of entropy not being met, resulting weaknesses in protocols relying on it, etc.

But that was two years ago, when I was interested in entropy.

I'm frankly now far more interested in whether errata response and resolution is clearly defined in process and outcomes, with expected response times, whether waiting two years for a response to a raised erratum is reasonable, how the response baton gets passed along to ensure someone knowledgeable responds in a timely fashion, etc.

so, cc'ing IESG for their view on that.

best


still jetlagged!

On 5 Jan 2024, at 23:49, Deb Cooley <debcooley1@gmail.com> wrote:


My question to you would be:  which RFC will make the most impact?  Seems like your comments weren't really targeted at ACME per se, but at how to measure entropy using Base64 encoding?  I have not read RFC 4086 closely, but an RFC like that would impact all of them.

Just my thoughts... 
Deb Cooley

On Fri, Jan 5, 2024 at 7:43 AM <lloyd.wood@yahoo.co.uk> wrote:
Thanks for that.

Well, I stand by my detailed comments of (checks dates) two years ago. Which I had forgotten I ever even made!

I know, covid and all, but lately in the past few years I’ve been sensing a vibe of why-even-bother-submitting errata anyway. (and sitting in a Tokyo airport transit lounge, heavily jetlagged, is really not the place for me to do any detailed analysis.)

Perhaps reframing it as some security concern, since entropy, might prompt wider review? security types are quite keen on this stuff, and do tend to like rigour in specifications to close off implementation misunderstandings loopholes.

best


On Friday, January 5, 2024, 21:14, Deb Cooley <debcooley1@gmail.com> wrote:

I did some reading, some consulting, and some pondering.  I want to reject this errata.

1.  The original paragraph:  
token (required, string):  A random value that uniquely identifies
      the challenge.  This value MUST have at least 128 bits of entropy.
      It MUST NOT contain any characters outside the base64url alphabet
      and MUST NOT include base64 padding characters ("=").  See
      [RFC4086] for additional information on randomness requirements.
In my opinion this is sufficient.  It specifies how much entropy (w/ a ref), and specifies what cannot be included (padding, non-base54 characters).
Let me know if you have other thoughts.
Deb

On Thu, Jan 4, 2024 at 7:41 AM Deb Cooley <debcooley1@gmail.com> wrote:
opinions?  Does entropy have to be measured as a base64 encoded value? 

Deb

On Mon, May 2, 2022 at 4:31 AM RFC Errata System <rfc-editor@rfc-editor.org> wrote:
The following errata report has been submitted for RFC8555,
"Automatic Certificate Management Environment (ACME)".

--------------------------------------
You may review the report below and at:
https://www.rfc-editor.org/errata/eid6950" target="_blank">https://www.rfc-editor.org/errata/eid6950

--------------------------------------
Type: Technical
Reported by: Lloyd Wood <lloyd.wood@yahoo.co.uk>

Section: GLOBAL

Original Text
-------------
token (required, string):  A random value that uniquely identifies
      the challenge.  This value MUST have at least 128 bits of entropy.

Corrected Text
--------------
token (required, string):  A random value that uniquely identifies
      the challenge.  This value MUST have at least 128 bits of entropy, which in the
      base64url alphabet means a minimum string length of 22 characters if the full
      scope of the base64url alphabet is in use in the token, by:
                        log2(64^22) = 132 bits of entropy



Notes
-----
This standards-track document doesn't specify the string ramifications for entropy; I'd expect it to be called out to implementers, just the once, and then referred to later at other tokens.

If entropy is log2 the number of possible characters (64 if full base64url set of chars is in use) then
log2 (64^21) = 126
log2 (64^22) = 132

so a minimum of 22 characters are needed to get a minimum of 128 bits of entropy in the token.

But, if the random value is specified using a subset of the base64url, say because the implementer doesn't like or use CAPITALS or (most likely) the punctuation symbols, then the token must necessarily be longer to meet the local implementer entropy requirement (though just losing only the punctuation marks means you're still good and meet the requirement with 22 characters). Not sure that matters so much on the wire.

I also have editing nits about base64url being defined clearly in ABNF just for Replay-Nonce:, but then both 'base64 alphabet' and 'base64url alphabet' are in use in the document, and base64url references are to RFC4648 via RFC7515, but those are to Base64url, not to base64url... it all seems a bit inconsistent editingwise. So all the references to 'base64 alphabet' should be to 'base64url alphabet' as defined in the doc, but it should really be 'Base64url alphabet' to be consistent with references?

(I really think that it should have been called 'Base-64_url alphabet' way back when to enphasise the punctuation use, but that ship has sailed.)

To me, 'base64 alphabet' is the a-zA-Z subset of base64... I think the document could be much clearer in this regard, and I hope any doc revisions taking into account all the other errata raised consider this too.

My thanks to Lee Maguire for pointing much of this out.

Instructions:
-------------
This erratum is currently posted as "Reported". If necessary, please
use "Reply All" to discuss whether it should be verified or
rejected. When a decision is reached, the verifying party 
can log in to change the status and edit the report, if necessary.

--------------------------------------
RFC8555 (draft-ietf-acme-acme-18)
--------------------------------------
Title               : Automatic Certificate Management Environment (ACME)
Publication Date    : March 2019
Author(s)           : R. Barnes, J. Hoffman-Andrews, D. McCarney, J. Kasten
Category            : PROPOSED STANDARD
Source              : Automated Certificate Management Environment
Area                : Security
Stream              : IETF
Verifying Party     : IESG

v2.23.0 | Report a Bug | By Email