IETF Logo Mail Archive

Re: [Acme] SNI extension for tls-alpn-01 challenge in draft-ietf-acme-ip-05

Ryan Sleevi <ryan-ietf@sleevi.com> Tue, 23 April 2019 20:40 UTC

Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42564120371 for <acme@ietfa.amsl.com>; Tue, 23 Apr 2019 13:40:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.647
X-Spam-Level:
X-Spam-Status: No, score=-1.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nqnQnMsD1rzv for <acme@ietfa.amsl.com>; Tue, 23 Apr 2019 13:40:23 -0700 (PDT)
Received: from mail-ed1-f41.google.com (mail-ed1-f41.google.com [209.85.208.41]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89871120372 for <acme@ietf.org>; Tue, 23 Apr 2019 13:40:23 -0700 (PDT)
Received: by mail-ed1-f41.google.com with SMTP id u57so13932638edm.3 for <acme@ietf.org>; Tue, 23 Apr 2019 13:40:23 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=jXiMsHOh5udeUS0mjWs90xHVlOty/yGTY5v6L5s0urY=; b=ITM/0Oa9xRKdhpSJ8tkKw+uGxZ9U7qFCLeptI1YoAJSuuP8iR2NNkyWpe3uzpY7/fX 4hJ5MI/0A1f+Zug2Y15wdWdm0JUihUqhJZMQ3pfwbkaJnWaFotX1evmit+rjrl+/ZhSB ORt2GUViyvdwu24Zu/EUDo10PfjFH5XYJnyzkBgxcgEl/H3Bj8c7B95SwTt+zvefF2bG lvWYsaRrt0Fp3HW0CuAk+nVV7fUZQ9ERWd/mUTI4MSpUl3F0u9GX94dHFu87IXm7wPmx SYzog/IrauV7DtPZTf43JMWpfUFh0c7AAHAlTqGkbBKeiU74em8xqejGSFmZQoXL+Hgt 1j1Q==
X-Gm-Message-State: APjAAAUScsXddbF87LzcvL0UbUrQynqW4FE3cloZqNvrj2n8LLKZ6obY pdeiZ//g2LdEUs4FxnFuwZyi9WJP
X-Google-Smtp-Source: APXvYqxu2XNDlqd3AB9d8z9WWNNjVhtbiVqUoD7yd1wZZ7skXgxR5Iotjfx7portXKpy4cp9pacP/A==
X-Received: by 2002:a05:6402:781:: with SMTP id d1mr16634476edy.286.1556052021881; Tue, 23 Apr 2019 13:40:21 -0700 (PDT)
Received: from mail-wm1-f42.google.com (mail-wm1-f42.google.com. [209.85.128.42]) by smtp.gmail.com with ESMTPSA id l10sm3790742eda.8.2019.04.23.13.40.21 for <acme@ietf.org> (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128); Tue, 23 Apr 2019 13:40:21 -0700 (PDT)
Received: by mail-wm1-f42.google.com with SMTP id z6so3063221wmi.0 for <acme@ietf.org>; Tue, 23 Apr 2019 13:40:21 -0700 (PDT)
X-Received: by 2002:a1c:5588:: with SMTP id j130mr3887611wmb.72.1556052021076; Tue, 23 Apr 2019 13:40:21 -0700 (PDT)
MIME-Version: 1.0
References: <MN2PR18MB28457CCBEF6FFE2B70E286FCC3250@MN2PR18MB2845.namprd18.prod.outlook.com> <CAErg=HGYuRc+tOBwRedx5a9tnH9iVm3bfWYhfXeiHCgcvp8gMA@mail.gmail.com> <MN2PR18MB2845DBA634A0BC648222C627C3230@MN2PR18MB2845.namprd18.prod.outlook.com> <CAErg=HG=LgqDxZ8QxVSAq2K6MsKJX36o6O7v0ojS3rsgUXuHVw@mail.gmail.com> <24216.1556044089@dooku.sandelman.ca> <CAErg=HH2NqHH-+AUAXvMWBrmhOPH=86twOkr=b=F0TduB45KSw@mail.gmail.com> <32047.1556051326@dooku.sandelman.ca>
In-Reply-To: <32047.1556051326@dooku.sandelman.ca>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Tue, 23 Apr 2019 16:40:12 -0400
X-Gmail-Original-Message-ID: <CAErg=HHFtog0NY21BCVfQoZnWnmv9tzpmYp6Gw+gA=jdePRoEA@mail.gmail.com>
Message-ID: <CAErg=HHFtog0NY21BCVfQoZnWnmv9tzpmYp6Gw+gA=jdePRoEA@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: Ryan Sleevi <ryan-ietf@sleevi.com>, "acme@ietf.org" <acme@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000f7e8770587389752"
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/zP20Uhxp73I7CVIoMlXkWD2DjEA>
Subject: Re: [Acme] SNI extension for tls-alpn-01 challenge in draft-ietf-acme-ip-05
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Apr 2019 20:40:25 -0000

On Tue, Apr 23, 2019 at 4:28 PM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>     > In a world where IPs were possible to be validated using TLS-ALPN,
> and
>     > the information omitted from the request, if evil.example/Customer B
>     > can serve a certificate that confirms the response for 10.0.0.2, then
>     > they could get a certificate for Customer A's IP.
>
> To do this requires that the cloud provider make a clear decision about
> what
> they are going to do with SNI-less requests above.    I feel that the cloud
> provider did something wrong here.


That's a not-unreasonable position to take, generally speaking, but it's
not an invariant that the TLS-ALPN method stated needed to be met. For
example, we 'could' just as well introduce yet-another-ALPN method to
indicate it's being used to validate an IP address, rather than a domain,
and then we can totally omit the IP address (encoded or otherwise) from the
TLS handshake, on the assumption that the Service Provider must be
responsible for determining the authorization scope. The use of a new ALPN
value would be explicit signalling by said Cloud Provider that they're
aware of the semantics and the security properties that need to be observed.

Fundamentally, TLS-SNI had problems because it relied on
implicit/out-of-band state to bind the request to the response (in this
case, the binding between the .acme.invalid namespace and the actual
customer namespace). As a result, the TLS terminator was not able to
dispatch or ACL appropriately. The 'main' contribution of TLS-ALPN was to
make the server explicitly signal support for the method, rather than
implicitly signal. We could have left the SNI domain as .acme.invalid and
still achieved the same security properties - however, moving it to use the
'actual' name, and only dispatch on ALPN, simply made it easier for Cloud
Providers to implement safely and securely.

That same logic applies here - we 'could' use a distinct ALPN method, in
which case, omitting the IP is fine. However, including the IP (albeit,
encoded) makes it easier to reason about, dispatch, and less likely to
result in implementation flaws, and in particular, given that the draft is
reusing the ALPN tag of TLS-ALPN, observes the semantics and security
properties required of servers that 'speak' TLS-ALPN.

v2.23.0 | Report a Bug | By Email