IETF Logo Mail Archive

Re: [Acme] Obtaining the Tor hidden service descriptor for draft-ietf-acme-onion

rhatto <rhatto@torproject.org> Tue, 10 October 2023 19:14 UTC

Return-Path: <rhatto@torproject.org>
X-Original-To: acme@ietfa.amsl.com
Delivered-To: acme@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAB23C151995 for <acme@ietfa.amsl.com>; Tue, 10 Oct 2023 12:14:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.407
X-Spam-Level:
X-Spam-Status: No, score=-4.407 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=torproject.org
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MgcYT7qK37ib for <acme@ietfa.amsl.com>; Tue, 10 Oct 2023 12:14:31 -0700 (PDT)
Received: from submit-01.torproject.org (submit-01.torproject.org [116.202.120.174]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C6AF5C151542 for <acme@ietf.org>; Tue, 10 Oct 2023 12:14:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=torproject.org; s=2022-submit-01; t=1696965268; bh=b80jMKsvRLNKdrasxztMN6nDV3UlA+0WklKudoDpWq8=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=Ju9+kBAg81llzcPF9hmX6h5ZEcV0t3rvNS3fWnVNIPUz932VdAgR38zLSNa+8FgDp LwWfES8uqQs4O8UwNENVUSnn13UhjAzr+6u9kT2MYWhH1I0BT3YfmbOQa04V046KuR pph/E2Q1vFqH5HHKy8ghG5JyDJr0btdDJsMpodqYNdVmn+w3en0CKstXa9sfUxl9KK yK/0SKMwhBUwbpdYSWRiJ7B24YOAsqFfNJVYrHCCbvRdxuvVRRE4zDboWpjf4Hqvp/ ShzfABjXaLBJV+pQgVAufllF36hgUa34rnradD3Y8PnXwnbsRtp1dQguJDAyRt+Fxr JakI2ns/SDcig==
Received: from localhost (localhost [::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) (Authenticated sender: rhatto) by submit-01.torproject.org (Postfix) with ESMTPSA id 7961E80048; Tue, 10 Oct 2023 19:14:27 +0000 (UTC)
Date: Tue, 10 Oct 2023 16:14:19 -0300
From: rhatto <rhatto@torproject.org>
To: Q Misell <q=40as207960.net@dmarc.ietf.org>
Cc: IETF ACME <acme@ietf.org>
Message-ID: <ZSWikYeVECjUrLM0@localhost>
References: <CAMEWqGvnrgp=f4eO1nQ9hzzCnY2z-pxE8fyQvHnzTDYCx-jq6A@mail.gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="+LfZqbcS6HNlq51d"
Content-Disposition: inline
In-Reply-To: <CAMEWqGvnrgp=f4eO1nQ9hzzCnY2z-pxE8fyQvHnzTDYCx-jq6A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/zXgKzFkFzkY3JcoVDUxTQPbXMAw>
Subject: Re: [Acme] Obtaining the Tor hidden service descriptor for draft-ietf-acme-onion
X-BeenThere: acme@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Automated Certificate Management Environment <acme.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/acme>, <mailto:acme-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/acme/>
List-Post: <mailto:acme@ietf.org>
List-Help: <mailto:acme-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/acme>, <mailto:acme-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Oct 2023 19:14:34 -0000

On Thu, Sep 07, 2023 at 04:55:51PM +0100, Q Misell wrote:
> I've had some discussion recently with the Tor project on implementation
> hurdles for draft-ietf-acme-onion. One concern that has been raised by a few is
> the need to run a Tor client to validate requests, even with onion-csr-01, due
> to the inclusion of CAA in the draft.

Hi Q, and thanks for bringing this up.

> One solution proposed to this is that the ACME client MAY[1] send the hidden
> service descriptor to CA as part of the finalize request. The CA also MAY
> require this, if they do not wish to run a Tor client. This, to my knowledge,
> wouldn't reduce the security of the validation of CAA, as the descriptor
> document is still cryptographically validated in the same way using the current
> network consensus. Additionally the directory authorities that serve
> descriptors are already non-trusted actors in Tor.
>
> The CA would still need a copy of the network consensus document to verify
> the descriptor submitted by the client. Most directory authorities however
> are reachable over standard HTTP over TCP, in addition to HTTP over Tor.
> This would allow the CA to fetch the current consensus without any
> connection to Tor. The consensus fetched this way would still be verified
> against the trusted directory authorities of Tor[2].

Specifically, the "valid-after", "fresh-until", and "hsdir_interval" are
the only consensus items needed to parse, decrypt and validate an Onion
Service descriptor.

> What are people's thoughts on this, and more importantly, what problems do
> people see with this?

After a lengthy discussion with Tor developers, we suggest the following
options, prioritizing the least complex:

0. ACME clients MAY send "valid-after", "fresh-until" and "hs_interval"
   along with the descriptor, which would allow the ACME Server to verify
   CAA in a stateless way, without bootstrapping Tor to fetch the
   descriptor and without fetching the network consensus.

1. Only the descriptor is sent by the ACME client, so the ACME server would
   need to fetch and cache the network consensus.

2. The ACME client does not send the descriptor, leaving to the ACME server
   the job of fetching it, as stated on draft-ietf-acme-onion-00.

For options 0 and 1 above, there are two ways that a consensus (or just the
needed items) can be fetched either by ACME clients or servers:

a. Through the Tor network, from one of many directory caches.

   As this involves bootstrapping Tor, it makes more sense for ACME
   clients to do this fetching, as clients are probably already connected
   to Tor in order to run an Onion Service or to make the ACME request
   through Tor.

b. Doing HTTP over TCP, or HTTP over Tor to the directory authorities.

   While this is supported nowadays, it's not guaranteed to work in the
   long term, since this method is deprecated in favor of the approach
   above, and DirAuths may even stop serving the consensus directly by HTTP
   at some point.

   This also requires checking the DirAuths' signatures in the consensus
   document.

> Should this be incorporated into the draft?

Yes, we support this idea, but also note that, despite parsing and
validating an .onion descriptor being relatively straightforward, it
involves more code to be maintained.

We understand that signed CAA parameters could be accepted directly in
an ACME API request without reducing security and the need to process an
entire descriptor.

-- 
Silvio Rhatto
pronouns he/him

v2.23.0 | Report a Bug | By Email