IETF Logo Mail Archive

[Acme] lack of nonce for external account binding (was Re: Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14:) (with DISCUSS and COMMENT)

Benjamin Kaduk <kaduk@mit.edu> Wed, 03 October 2018 15:53 UTC

Return-Path: <kaduk@mit.edu>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A797813130B; Wed, 3 Oct 2018 08:53:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZKttRu7iluQJ; Wed, 3 Oct 2018 08:53:39 -0700 (PDT)
Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4240E131311; Wed, 3 Oct 2018 08:53:38 -0700 (PDT)
X-AuditID: 12074425-827ff70000007728-9b-5bb4e5fee526
Received: from mailhub-auth-2.mit.edu ( [18.7.62.36]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id 51.11.30504.FF5E4BB5; Wed, 3 Oct 2018 11:53:36 -0400 (EDT)
Received: from outgoing.mit.edu (OUTGOING-AUTH-1.MIT.EDU [18.9.28.11]) by mailhub-auth-2.mit.edu (8.13.8/8.9.2) with ESMTP id w93FrTnR024541; Wed, 3 Oct 2018 11:53:31 -0400
Received: from kduck.kaduk.org (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id w93FrOJX003228 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Wed, 3 Oct 2018 11:53:27 -0400
Date: Wed, 03 Oct 2018 10:53:24 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Daniel McCarney <cpu@letsencrypt.org>
Cc: Richard Barnes <rlb@ipv.sx>, draft-ietf-acme-acme@ietf.org, IETF ACME <acme@ietf.org>, Yoav Nir <ynir.ietf@gmail.com>, The IESG <iesg@ietf.org>, "<acme-chairs@ietf.org>" <acme-chairs@ietf.org>
Message-ID: <20181003155118.GF56675@kduck.kaduk.org>
References: <153556883241.14872.599302420878484743.idtracker@ietfa.amsl.com> <CAL02cgQoC1YAA1wjftoFSMBfm7Vi4KUXUQW633GZ5tM9VMMrmg@mail.gmail.com> <CAKnbcLgNrmqWp4BUz=c2-Y5NQ3FqfPe3-RqRp_ocWxv+c+jWWA@mail.gmail.com> <20180916015154.GU48265@kduck.kaduk.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20180916015154.GU48265@kduck.kaduk.org>
User-Agent: Mutt/1.9.1 (2017-09-22)
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprDKsWRmVeSWpSXmKPExsUixG6nosvwbEu0wcWv4hb7X89islj1PNDi wht2i4Xb2Sxm/JnIbDG1z9Zi6bEPTA7sHjtn3WX3WLLkJ5PH5I2zWDxWzbzPFsASxWWTkpqT WZZapG+XwJUx99A+xoJdghUzO5IaGK/xdjFyckgImEg8f3CTsYuRi0NIYDGTxN1pPSwQzgZG iT/fZrJCOFeYJL7Nnc8G0sIioCJx69lMMJsNyG7ovswMYosIaEr87J7KDNLALHCfUeLdjVVM II6wwDRGiccnTwIt4eDgBVp4f1ECxNRWJomWjX/ZQbp5BQQlTs58wgJiMwtoSdz495IJpJ5Z QFpi+T8OEJNTwFTiyw8/kApRAWWJvX2H2CcwCsxC0jwLSfMshOYFjMyrGGVTcqt0cxMzc4pT k3WLkxPz8lKLdC30cjNL9FJTSjcxgoPcRXUH45y/XocYBTgYlXh4E+ZvjhZiTSwrrsw9xCjJ waQkyvt445ZoIb6k/JTKjMTijPii0pzU4kOMEhzMSiK8AhuAcrwpiZVVqUX5MClpDhYlcd5J LYujhQTSE0tSs1NTC1KLYLIyHBxKErzfnwA1ChalpqdWpGXmlCCkmTg4QYbzAA3XegoyvLgg Mbc4Mx0if4rRmKPt6fUZzBwdIFKIJS8/L1VKnFcKpFQApDSjNA9uGihRSWTvr3nFKA70nDDv bZClPMAkBzfvFdAqJqBV8jlgq0oSEVJSDYzKlREdDt4ZTJ8fbV6TyCDa5r98ebvWlt1SGwxY LKclnNx32v3Hat6+y9kz/xnMv1RkUqUo3dE878CX+NyXpw6yNDuu3XK8Ui84PEuofLum1OUv Ky9VfNLYkSdZzFcXf92v6512gty9XqnOHTJHN885ue9PtcjKOdUMm28pvi2+mVZr0GB9UF2J pTgj0VCLuag4EQCbkf91LwMAAA==
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/zCCAXvTD-cDvTZuHmHSa-iGPDlY>
Subject: [Acme] lack of nonce for external account binding (was Re: Benjamin Kaduk's Discuss on draft-ietf-acme-acme-14:) (with DISCUSS and COMMENT)
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Oct 2018 15:53:41 -0000

On Sat, Sep 15, 2018 at 08:51:55PM -0500, Benjamin Kaduk wrote:
> On Fri, Sep 14, 2018 at 03:59:07PM -0400, Daniel McCarney wrote:
> > > My co-author Daniel McCarney is working on the COMMENT comments.
> > 
> > > IMPORTANT: I don't think I understand why "nonce" MUST NOT be present in
> > > the external-binding JWS object, though I think I understand why one is
> > not
> > > needed in order to bind the MAC to the current transaction.  (That is,
> > this
> > > is in effect a "triply nested" construct, where a standalone MAC that
> > > certifies an ACME account (public) key as being authorized by the
> > > external-account holder to act on behal of that external account.  But
> > this
> > > standalone MAC will only be accepted by the ACME server in the context of
> > > the outer JWS POST, that must be signed by the ACME account key, which is
> > > assumed to be kept secure by the ACME client, ensuring that both
> > > key-holding entities agree to the account linkage.)  Proof of freshness of
> > > the commitment from the external account holder to authorize the ACME
> > > account key would only be needed if there was a scenario where the
> > external
> > > account holder would revoke that association, which does not seem to be a
> > > workflow supported by this document.  Any need to effectuate such a
> > > revocation seems like it would involve issuing a new MAC key for the
> > > external account (and invalidating the old one), and revoking/deactivating
> > > the ACME account, which is a somewhat heavy hammer but perhaps reasonable
> > > for such a scenario.
> > > Account key rollover just says that the nonce is NOT REQUIRED, and also
> > > uses some nicer (to me) language about "outer JWS" and "inner JWS".  It
> > > might be nice to synchronize these two sections.
> > 
> > I defer on this to the other authors/people that want
> > externalAccountBinding to
> > be a thing.
> 
> Okay.  I would like to avoid having needless normative requirements if
> there is in fact no reason for this requirement.

My apologies if I missed it when it went by, but did we ever hear more
about this requirement from the proponents of externalAccountBinding?

Thanks,

Benjamin

v2.23.0 | Report a Bug | By Email