IETF Logo Mail Archive

Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Sun, 16 September 2018 15:41 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3A50E127B92 for <acme@ietfa.amsl.com>; Sun, 16 Sep 2018 08:41:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gW3rszxIFeM5 for <acme@ietfa.amsl.com>; Sun, 16 Sep 2018 08:41:49 -0700 (PDT)
Received: from dmz-mailsec-scanner-4.mit.edu (dmz-mailsec-scanner-4.mit.edu [18.9.25.15]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23CD6120072 for <acme@ietf.org>; Sun, 16 Sep 2018 08:41:49 -0700 (PDT)
X-AuditID: 1209190f-5f9ff70000005842-33-5b9e79bb173a
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-4.mit.edu (Symantec Messaging Gateway) with SMTP id E4.FD.22594.BB97E9B5; Sun, 16 Sep 2018 11:41:48 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id w8GFfkCZ007723; Sun, 16 Sep 2018 11:41:46 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w8GFfgai017195 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Sun, 16 Sep 2018 11:41:45 -0400
Date: Sun, 16 Sep 2018 10:41:42 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Felix Fontein <felix=40fontein.de@dmarc.ietf.org>
Cc: acme@ietf.org
Message-ID: <20180916154142.GZ48265@kduck.kaduk.org>
References: <153556883241.14872.599302420878484743.idtracker@ietfa.amsl.com> <CAL02cgQoC1YAA1wjftoFSMBfm7Vi4KUXUQW633GZ5tM9VMMrmg@mail.gmail.com> <CAKnbcLgNrmqWp4BUz=c2-Y5NQ3FqfPe3-RqRp_ocWxv+c+jWWA@mail.gmail.com> <20180916015154.GU48265@kduck.kaduk.org> <20180916173537.1fe0d18d@rovaniemi>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20180916173537.1fe0d18d@rovaniemi>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFvrGIsWRmVeSWpSXmKPExsUixCmqrbuncl60wYl1jBarngdabJqzmMmB yePEsiusHkuW/GQKYIrisklJzcksSy3St0vgylgy/zhjwWKRivl7HrA2MG4V6GLk5JAQMJFY 0/+MqYuRi0NIYDGTxP9pU9kgnI2MEmvP32WEcK4ySVz5tYMRpIVFQFWi58kDVhCbTUBFoqH7 MjOILSJgKrGoZy9YnFlAUGLPie9AcQ4OYYFUicOrKkHCvEDbVk2/zAIxczWTxMFpy5khEoIS J2c+YYHo1ZK48e8lE0gvs4C0xPJ/HCBhTgEDib83G8FKRAWUJfb2HWKfwCgwC0n3LCTdsxC6 FzAyr2KUTcmt0s1NzMwpTk3WLU5OzMtLLdI10cvNLNFLTSndxAgOUkn+HYxzGrwPMQpwMCrx 8EaEzI0WYk0sK67MPcQoycGkJMq71Wt2tBBfUn5KZUZicUZ8UWlOavEhRgkOZiUR3o/f5kQL 8aYkVlalFuXDpKQ5WJTEec/qTo4WEkhPLEnNTk0tSC2CycpwcChJ8KZWzIsWEixKTU+tSMvM KUFIM3FwggznARpuAVLDW1yQmFucmQ6RP8Woy/Hn/dRJzEIsefl5qVLivMUgRQIgRRmleXBz QMlFInt/zStGcaC3hHnPglTxABMT3KRXQEuYgJZkbAD5oLgkESEl1cBoZuFgWOIdILnrBkOZ +sU5QckLvfTY893UD1yeITO/dM9CF587LJb7qudtW1q9pSv/koTxwdYQhRnbevzzuJT1a4/5 MZrZWYaf9NmRyzztS07x6tP3ouRqQmXXLKytlvyS62Pvv7xmTZf5wun+z6vXtZSu9XRMOrsl 1y1eiT+KrUuk3rVqshJLcUaioRZzUXEiADrZcQkJAwAA
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/tnoDgjuEuWNopahRj5r5Uk1l8Ks>
Subject: Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14: (with DISCUSS and COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Sep 2018 15:41:51 -0000

On Sun, Sep 16, 2018 at 05:35:37PM +0200, Felix Fontein wrote:
> Hi,
> 
> > > >    [...] Secondly, the entropy requirement
> > > >    prevents ACME clients from implementing a "naive" validation
> > > > server that automatically replies to challenges without
> > > > participating in the creation of the initial authorization
> > > > request.
> > > >
> > > > IMPORTANT: I'm not sure I see how this applies to the HTTP
> > > > mechanism -- couldn't you write a script to reply
> > > > to .well-known/acme-challenge/<foo> with <foo>.<key thumbprint>
> > > > for a fixed key thumbprint?  The validation server would ned to
> > > > know about the ACME account in question, but not about any
> > > > individual authorization request.  
> > > 
> > > It would also need to know the <foo> value, which is not provided
> > > in the validation request specifically to avoid this.  
> > 
> > As I said above, "[w]ell now I'm really confused."  In the example
> > HTTP challenge exchange (duplicated here):
> > 
> > GET /.well-known/acme-challenge/LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0
> > Host: example.org
> > 
> > HTTP/1.1 200 OK
> > Content-Type: application/octet-stream
> > 
> > LoqXcYV8q5ONbJQxbmR7SCTNo3tiAXDfowyjxAjEuX0.9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI
> > 
> > Doesn't the path in the GET include the <foo>?
> 
> Yes, and some people are already using this to add a generic
> authorization replier (which needs the thumbprint of the account key).
> For example, the acme.sh client supports this "stateless mode" (as it
> is called there):
> https://github.com/Neilpang/acme.sh/wiki/Stateless-Mode

Okay, that matches up with my understanding and maybe un-confuses me.

But does this state of affairs nullify the text in the -14 about:

   [...] the entropy requirement
   prevents ACME clients from implementing a "naive" validation server
   that automatically replies to challenges without participating in the
   creation of the initial authorization request.

?

-Benjamin

> (There currently is also a discussion in the Let's Encrypt community
> forum about this, see
> https://community.letsencrypt.org/t/xss-via-acme-implementations/72295;
> this is because some implementations do not restrict the allowed input
> and thus allow XSS attacks, as described here:
> https://labs.detectify.com/2018/09/04/xss-using-quirky-implementations-of-acme-http-01/)
> 
> Cheers,
> Felix
> 
> _______________________________________________
> Acme mailing list
> Acme@ietf.org
> https://www.ietf.org/mailman/listinfo/acme

v2.23.0 | Report a Bug | By Email