IETF Logo Mail Archive

Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-email-smime-10: (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Mon, 16 November 2020 12:11 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2B403A0DBF; Mon, 16 Nov 2020 04:11:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CQ-RWVdqQAOk; Mon, 16 Nov 2020 04:11:32 -0800 (PST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ADF283A0DBD; Mon, 16 Nov 2020 04:11:31 -0800 (PST)
Received: from kduck.mit.edu ([24.16.140.251]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id 0AGCBKaw022614 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Mon, 16 Nov 2020 07:11:24 -0500
Date: Mon, 16 Nov 2020 04:11:19 -0800
From: Benjamin Kaduk <kaduk@mit.edu>
To: Fraser Tweedale <frase@frase.id.au>
Cc: Alexey Melnikov <alexey.melnikov@isode.com>, rsalz@akamai.com, acme@ietf.org, The IESG <iesg@ietf.org>, draft-ietf-acme-email-smime@ietf.org, acme-chairs@ietf.org
Message-ID: <20201116121119.GY39170@kduck.mit.edu>
References: <160456339844.32027.10383263330343255957@ietfa.amsl.com> <4f0c0a3d-766a-3da7-f5b7-b2abd447298b@isode.com> <20201106222940.GK39170@kduck.mit.edu> <d4eae80c-1b68-5672-7b39-48d97d5c6f2c@isode.com> <20201112234825.GO39170@kduck.mit.edu> <20201114044703.GB1240@bacardi.hollandpark.frase.id.au>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20201114044703.GB1240@bacardi.hollandpark.frase.id.au>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/vDGn-TrMbHV-1jieFzNWFmF5E-g>
Subject: Re: [Acme] Benjamin Kaduk's Discuss on draft-ietf-acme-email-smime-10: (with DISCUSS and COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 Nov 2020 12:11:34 -0000

Hi Fraser,

On Sat, Nov 14, 2020 at 02:47:03PM +1000, Fraser Tweedale wrote:
> On Thu, Nov 12, 2020 at 03:48:25PM -0800, Benjamin Kaduk wrote:
> > On a related note, the thread with Fraser, combined with our live
> > discussion earlier today, made me realize that we really should say what
> > the contents of the 'url' field of the challenge object are.  I know Fraser
> > wanted it to be an HTTPS resource, but it seems like a mailto: URL might
> > make more sense.  A mailto: URL could also (in some cases) play the role of the
> > "token-part0" I had pondered about previously, in that if the ACME server
> > uses a challenge-specific address with sufficient entropy, and that is
> > the From: line of the challenge email, then a sufficiently aware MUA/client
> > can use that address to link the incoming challenge email with the pending
> > ACME challenge. (More below.)
> >
> 
> Hi Benjamin,
> 
> It is an interesting idea.  A mailto: challenge URL seems
> technically feasible but has some consequences:
> 
> - RFC 8555 says that the client POSTs to that URL, implying HTTPS.
>   We can define a different semantics for a different challenge
>   types, but...

Ah, you're quite right.  I apparently jumped to the line "[t]he URL to
which a response can be posted" and missed the previous "the client
responds by sending a response object in a POST request to a challenge
URL."

So it seems we may want to reiterate these URL semantics and add a
different field to convey the email address associated with the response
email.

(I read the stuff below and can't argue with it.)

Thanks!

Ben

> - POST to an HTTPS URL, after email was sent, should work fine for
>   the "email-reply-00" validation method.  It is coherent with other
>   challenge types (prepare HTTP resource then notify; create DNS
>   records then notify; etc).  I don't think we should forfeit this
>   cohesion lightly; it will aid implementors of both clients and
>   servers to keep the mental model for difference challenge types as
>   close as possible.
> 
> - And, as I discussed in the other thread, NOT having the client
>   POST to notify the server that challenge email was sent does
>   restrict the ways you could implement the server.  Specifically,
>   the Mail Delivery Agent would have to _proactively_ perform
>   ACME-related processing of received messages.  Compare to a server
>   implementation where the MDA can just store mail somewhere, and
>   the ACME server can search for the reply after client has POSTed
>   that the mail was sent.  This maintains a nice separation between
>   mail delivery, and ACME server behaviour.  If I were implementing
>   the server side, this is how I would prefer to do it.
> 
> Cheers,
> Fraser

v2.23.0 | Report a Bug | By Email