Re: [CDNi] Secdir early review of draft-ietf-cdni-https-delegation-subcerts-04
"Kevin J. Ma" <kevin.j.ma.ietf@gmail.com> Thu, 07 September 2023 12:17 UTC
Return-Path: <kevin.j.ma.ietf@gmail.com>
X-Original-To: cdni@ietfa.amsl.com
Delivered-To: cdni@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6BD2C15107B; Thu, 7 Sep 2023 05:17:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W2acpc62Fgam; Thu, 7 Sep 2023 05:17:33 -0700 (PDT)
Received: from mail-oo1-xc2e.google.com (mail-oo1-xc2e.google.com [IPv6:2607:f8b0:4864:20::c2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 93E64C151090; Thu, 7 Sep 2023 05:17:30 -0700 (PDT)
Received: by mail-oo1-xc2e.google.com with SMTP id 006d021491bc7-573675e6b43so517860eaf.0; Thu, 07 Sep 2023 05:17:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1694089049; x=1694693849; darn=ietf.org; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:from:to:cc:subject:date:message-id :reply-to; bh=sjYdfIbJJ0aDoL0zAs5I2joqkBIV4/iXkc+ronD8bL4=; b=Yxxgf7M2161aJoPkMdwKgwW17TpVm8pmXZRkpIkMBm2D25/KyCi1DdNoWDHXqjLxS1 M7XZNGjDEL29K/hN2e25UULMkZvy1merBvJDt/T0bbeabqEIvxF5wr5bnBkzgXE60BY/ q3QoWM78h1yofOpm6goEdy9A1uG9uErQCzDX0uvUTAbkyRn0GU2AVYglhbSS67pcOCIS tkRMO+8HOy7hAxa9K10zHtD60EwTbmGMq3vLonUP0yM8tUZME0H/WcLWQUNA7AWo1iA/ Yxy/oWywpK3a2Du/Bt5roi2HUgtanmWfWamzbW35fEtedfsNIftCVNazmw0MGEV8QzKK 1zgg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1694089049; x=1694693849; h=to:in-reply-to:cc:references:message-id:date:subject:mime-version :from:content-transfer-encoding:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sjYdfIbJJ0aDoL0zAs5I2joqkBIV4/iXkc+ronD8bL4=; b=QR7HCmqcz3mBtZwbn8woxgb2pL7kpuk3H+yPHW+tEFoHllBUvuvJ140NJ3qPvcGp80 ErAkylFGbRKESoe1iogUaqrgi+43BhvobQJ9hJFSMkno5WddcHfUpROMgdAOUykExjce 4Z6FltE5c6EnOkJd6s1yqs3Ii2hQSi1tGSYa73QI4TOnD5Lt4Phh3XwP8W0S4TKsm7QI 5Y29iQwf4yMYudXKjv8RguXRhKUQ28TY/GVRMEGx2LnIUd6kimngnqPTccg1ABCvHyft ZHHCxOTuv3LALjA27h63kUW5rEFgSPw7YLyG69J8TjUyruHjSPCZeBIKBxo1VIt4wiHH MQMg==
X-Gm-Message-State: AOJu0YxF9IiYlcHbhRglpMInK5lttOoeAsDCvgmkiEbbIWp94LXjNv1k Ft0ZTBT5FgMwbyOPeKH1lvNEd7IS6Ac=
X-Google-Smtp-Source: AGHT+IE6v83elVVa3hjbmED3f9oeMLMKgHnNAF/sb7PL932QynUTDJTnxx+8G2fT4LxoWYjHBDjyYg==
X-Received: by 2002:a05:6358:4299:b0:134:e549:50d6 with SMTP id s25-20020a056358429900b00134e54950d6mr6011391rwc.10.1694089048872; Thu, 07 Sep 2023 05:17:28 -0700 (PDT)
Received: from smtpclient.apple ([2600:4040:519f:5200:fc22:e614:7db7:a336]) by smtp.gmail.com with ESMTPSA id i8-20020a0cf108000000b0064910f273aesm6175625qvl.146.2023.09.07.05.17.27 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 07 Sep 2023 05:17:28 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: "Kevin J. Ma" <kevin.j.ma.ietf@gmail.com>
Mime-Version: 1.0 (1.0)
Date: Thu, 07 Sep 2023 08:17:17 -0400
Message-Id: <9C73F24F-EF1C-419F-8912-E7D01887FD1E@gmail.com>
References: <169405506210.42963.13269863442045302700@ietfa.amsl.com>
Cc: secdir@ietf.org, cdni@ietf.org, draft-ietf-cdni-https-delegation-subcerts.all@ietf.org
In-Reply-To: <169405506210.42963.13269863442045302700@ietfa.amsl.com>
To: Mike Ounsworth <mike.ounsworth@entrust.com>
X-Mailer: iPhone Mail (20G75)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/-rfovgZ-HoBsiDW8l6mbsKwDDhQ>
Subject: Re: [CDNi] Secdir early review of draft-ietf-cdni-https-delegation-subcerts-04
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2023 12:17:35 -0000
Hi Mike, We really appreciate the early review, insightful suggestions, and offer to help! SubCerts draft authors, Please consider Mike's suggestions below. Once addressed, we should be ready to submit the draft. thanx! -- Kevin and Sanjay Sent from my iPhone > On Sep 6, 2023, at 10:51 PM, Mike Ounsworth via Datatracker <noreply@ietf.org> wrote: > > Reviewer: Mike Ounsworth > Review result: Not Ready > > Hi CNDI chairs and authors. > > I am performing a SecDir early review as requested by the CDNI chairs. > I will focus this review on the question you asked about transporting private > keys as-per Section 4. I'm happy to stay on as SecDir reviewer for this draft > and give it a more thorough security review when you are ready (TLS > certificates are kinda my thing). > > I applaud you for submitting this for early security review. I agree with your > feeling that that this feels dangerous; you're setting up a way to > bulk-transfer TLS certificate private keys (specifically RFC 9345 > delegated_credentials) between CDN providers over a weakly-protected channel. > If this goes wrong, it's gonna go catastrophically wrong. Like, all it would > take is for these CDNI Metadata objects to be logged in transit, an > unscrupulous person to have access to those logs, and now they have TLS certs > and private keys for potentially thousands of domains. I think this needs more > thought. > > I would suggest to explore the following two solution spaces: > > 1) > Section 4 mentions: "If not specified, it is assumed that the dCDN generated > the public-private key pair for the delegated credential itself and provided > the public key information with an out-of-band mechanism to the uCDN." It would > be worth exploring this deeper and actually specifying how this should work. > Effectively that would mean that the uCDN acts as a Certification Authority for > the dCDN. The IETF has many certificate enrollment protocols to choose from. > This would be the strongest option since the dCDN could generate the private > keys in their key management solution and the private keys never need to > traverse any software layers at all. > > 2) > Leave the private key transport as it is, but encrypt it using a base64 > envelope format such as PKCS8/PEM or JOSE/JWE. This would require the uCDN and > dCDN to have pre-established encryption keys as part of establishing their > relationship -- likely the dCDN generates an asymmetric key pair and shares the > public key to the uCDN. This at least obscures the private keys from passive > attacks such as traffic logging, but it still requires the private keys to > exist decrypted in software memory at some stage, so is not as strong as option > 1. > > I'm happy to work with you off-list. > >
- [CDNi] Secdir early review of draft-ietf-cdni-htt… Mike Ounsworth via Datatracker
- Re: [CDNi] Secdir early review of draft-ietf-cdni… Kevin J. Ma