Re: [Acme] Proposed changes to TLS-SNI, autorenewal removal

Andrew Ayer <agwa@andrewayer.name> Fri, 22 January 2016 18:27 UTC

Return-Path: <agwa@andrewayer.name>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6516C1B2B7F for <acme@ietfa.amsl.com>; Fri, 22 Jan 2016 10:27:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JQFohAIBjuri for <acme@ietfa.amsl.com>; Fri, 22 Jan 2016 10:27:27 -0800 (PST)
Received: from alcazar.beanwood.com (alcazar.beanwood.com [IPv6:2600:3c00:e000:6c::1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2723A1B2B7C for <acme@ietf.org>; Fri, 22 Jan 2016 10:27:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=andrewayer.name; s=alcazar2; t=1453487246; bh=f367JdzX26un2N5mIbEJL5++3AiaOCAdNXQ+hy3ofCs=; h=Date:From:To:Cc:Subject:In-Reply-To:References; b=HS+5w3XBe3x0+OBinTae6rkMv9TvomTcZwhTlb8Yi5VWVuAECJuVV+DSGJgexCLDG Igu/NWYW9NyhvXKNVuc9hkQrENIf0aHv2459MZHvGjXPeyk66Nn/BecJpJXGpHYClt 1rKK2ZUzsqmyNk7pSCAQTV/AuwexoS8xYdtMT0VspFw0RHgJi5nN1AZjGFzM9l2nV0 2vpN8C2g8sh4f5DzcHPiWklQPsOKg8DzcvnYcxYBf3XWZUZwvyJ8cRDAByuQFPEild i1sGD5i2/B89x81UUJoZuOL7+IC5SM0DycWYL2Z+mhyUypAMsB1/iw3G7AIY3f5nA3 85ucyzKtHjc6Q==
Date: Fri, 22 Jan 2016 10:27:25 -0800
From: Andrew Ayer <agwa@andrewayer.name>
To: Hugo Landau <hlandau@devever.net>
Message-Id: <20160122102725.5f4c2d02825dccf312513a9a@andrewayer.name>
In-Reply-To: <20160122161306.GA19607@andover>
References: <20160122161306.GA19607@andover>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/acme/xy6DYIXHg2JZh29Wa9c6xRIUD2U>
Cc: acme@ietf.org
Subject: Re: [Acme] Proposed changes to TLS-SNI, autorenewal removal
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2016 18:27:28 -0000

On Fri, 22 Jan 2016 16:13:07 +0000
Hugo Landau <hlandau@devever.net> wrote:

> Firstly, I've drafted a specification for tls-sni-02
> which resolves Jehiah's concerns.
>   <https://github.com/ietf-wg-acme/acme/pull/71>

I agree with jehiah's comment on GitHub that for consistency with the
http-01 challenge, SAN A (the token) should be used for the SNI
request, and SAN B (the keyAuthorization) should be the SAN which the
ACME server looks for.

Also, it's not necessary for the ACME server to verify that the
returned certificate contains SAN A (the token).  Seeing the
keyAuthorization in a SAN is sufficient.

I think these changes should be made because paring the challenges down
to their essentials and making them as similar as possible makes them
much easier to reason about.  For both http-01 and tls-sni-02, the
basic procedure would be:

1. Request a resource (file or certificate) at the domain using the
token to identify the resource.

2. Verify that the returned resource contains the keyAuthorization.

-- Andrew