Re: [Acme] High level comments on draft-barnes-acme (the GitHub version)
Joseph Lorenzo Hall <joe@cdt.org> Wed, 25 March 2015 22:15 UTC
From: Joseph Lorenzo Hall <joe@cdt.org>
Date: Wed, 25 Mar 2015 17:15:27 -0500
To: John Mattsson <john.mattsson@ericsson.com>
Cc: Jonathan Rudenberg <jonathan@titanous.com>, "acme@ietf.org" <acme@ietf.org>
In-Reply-To: <B4953448-093A-4DB7-B81D-B09FE31E7B3F@ericsson.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/vK5-PViu5F_Jhdwn9WNr71dc1lU>

On Wed, Mar 25, 2015 at 2:42 PM, John Mattsson <john.mattsson@ericsson.com> wrote:
>
>
> On 25 Mar 2015, at 13:24, Jonathan Rudenberg <jonathan@titanous.com> wrote:
>
>
> On Mar 25, 2015, at 9:35 AM, John Mattsson <john.mattsson@ericsson.com>
> wrote:
>
> Hi,
>
> Some high level comments on draft-barnes-acme (the GitHub version)
>
>
> - Security:
> The security of this seems to need some serious rethinking. The “Domain
> Validation with Server Name Indication” challenge seems totally nonsecure,
> allowing ANY on-path attacker to get certificates issued. I think this
> challenge is unacceptable for certificate issuance and I think it should be
> removed. Just because I let Amazon, Microsoft, Google or any other cloud
> provider run my web server does not mean I give them the right to request
> certificates for my domain.
>
>
> Thanks for pointing this out.

This seems like a big deal, no? That is, since SNI is one of the few things not protected in the TLS handshake, it does seem spoofable. If there's not something I'm missing, it seems like the proposal should just drop DVSNI altogether.

-- 
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10 1607 5F86 6987 40A9 A871
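An added, defender-side illustration of the point made above (this code is not part of the thread, of the ACME draft, or of any ACME implementation): the SNI host name travels in the plaintext ClientHello, before any key has been negotiated, so any on-path observer can read it with a plain byte parser. The Python below builds a constructed, minimal TLS 1.2 ClientHello carrying an SNI extension and then parses the name back out using only the field layouts from RFC 5246 and RFC 6066. The function names `build_client_hello`, `extract_sni` and `name_is_visible_on_wire` are chosen here for the demo and are not taken from the draft.

```python
import struct
from typing import Optional

# TLS constants (RFC 5246 record/handshake types, RFC 6066 server_name)
RECORD_HANDSHAKE = 0x16
HANDSHAKE_CLIENT_HELLO = 0x01
EXT_SERVER_NAME = 0x0000
NAME_TYPE_HOST_NAME = 0x00


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal, deterministic TLS 1.2 ClientHello record carrying
    server_name in the SNI extension. Constructed sample input for this demo:
    the random field is all zeros and only one cipher suite is offered."""
    host = server_name.encode("idna")
    name_entry = struct.pack("!BH", NAME_TYPE_HOST_NAME, len(host)) + host
    sni_list = struct.pack("!H", len(name_entry)) + name_entry
    extension = struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    body = (
        b"\x03\x03"                                  # client_version: TLS 1.2
        + bytes(32)                                  # random (zeros, constructed)
        + b"\x00"                                    # session_id: empty
        + struct.pack("!H", 2) + b"\xc0\x2f"         # one cipher suite
        + b"\x01\x00"                                # compression: null only
        + struct.pack("!H", len(extension)) + extension
    )
    handshake = bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    # Record-layer version is conventionally 3.1 for the first ClientHello.
    return bytes([RECORD_HANDSHAKE, 0x03, 0x01]) + struct.pack("!H", len(handshake)) + handshake


def _parse_server_name_list(data: bytes) -> Optional[str]:
    """Walk the ServerNameList from RFC 6066 and return the first host_name."""
    (list_len,) = struct.unpack("!H", data[:2])
    pos, end = 2, 2 + list_len
    while pos + 3 <= end:
        name_type, name_len = struct.unpack("!BH", data[pos:pos + 3])
        pos += 3
        name = data[pos:pos + name_len]
        pos += name_len
        if name_type == NAME_TYPE_HOST_NAME:
            return name.decode("idna")
    return None


def extract_sni(record: bytes) -> Optional[str]:
    """Return the SNI host_name from a ClientHello record. No key material is
    needed: the parser only follows plaintext length-prefixed fields. Returns
    None for anything that is not a well-formed ClientHello with SNI."""
    try:
        if record[0] != RECORD_HANDSHAKE:
            return None
        (rec_len,) = struct.unpack("!H", record[3:5])
        hs = record[5:5 + rec_len]
        if len(hs) != rec_len or hs[0] != HANDSHAKE_CLIENT_HELLO:
            return None
        body_len = int.from_bytes(hs[1:4], "big")
        body = hs[4:4 + body_len]
        if len(body) != body_len:
            return None
        pos = 2 + 32                                 # skip client_version + random
        pos += 1 + body[pos]                         # session_id
        (cs_len,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2 + cs_len                            # cipher_suites
        pos += 1 + body[pos]                         # compression_methods
        if pos == len(body):
            return None                              # no extensions block at all
        (ext_len,) = struct.unpack("!H", body[pos:pos + 2])
        pos += 2
        end = pos + ext_len
        while pos + 4 <= end:
            ext_type, ext_data_len = struct.unpack("!HH", body[pos:pos + 4])
            pos += 4
            data = body[pos:pos + ext_data_len]
            pos += ext_data_len
            if ext_type == EXT_SERVER_NAME:
                return _parse_server_name_list(data)
        return None
    except (IndexError, struct.error, UnicodeError):
        return None                                  # truncated or malformed input


def name_is_visible_on_wire(record: bytes, server_name: str) -> bool:
    """True if the literal host name appears in the raw record bytes, i.e. it is
    readable by any on-path observer without decrypting anything."""
    return server_name.encode("idna") in record


if __name__ == "__main__":
    hello = build_client_hello("example.com")       # constructed sample input
    print("SNI seen on the wire:", extract_sni(hello))
    print("host name present in plaintext bytes:", name_is_visible_on_wire(hello, "example.com"))
```

The parsing logic is the same thing a hostname-routing proxy or a passive network monitor does, which is the point for the discussion above: nothing in the record protects or authenticates the name, so a validation step that relies on SNI alone has no more secrecy than the ClientHello itself.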