IETF Logo Mail Archive

[CDNi] Secdir early review of draft-ietf-cdni-https-delegation-subcerts-04

Mike Ounsworth via Datatracker <noreply@ietf.org> Thu, 07 September 2023 02:51 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: cdni@ietf.org
Delivered-To: cdni@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E8E9C1519B2; Wed, 6 Sep 2023 19:51:02 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Mike Ounsworth via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: cdni@ietf.org, draft-ietf-cdni-https-delegation-subcerts.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 11.10.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <169405506210.42963.13269863442045302700@ietfa.amsl.com>
Reply-To: Mike Ounsworth <mike.ounsworth@entrust.com>
Date: Wed, 06 Sep 2023 19:51:02 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cdni/3VSoFWvwFAFjOJCv4GN7mxWj-dU>
Subject: [CDNi] Secdir early review of draft-ietf-cdni-https-delegation-subcerts-04
X-BeenThere: cdni@ietf.org
X-Mailman-Version: 2.1.39
List-Id: "This list is to discuss issues associated with the Interconnection of Content Delivery Networks \(CDNs\)" <cdni.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cdni>, <mailto:cdni-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cdni/>
List-Post: <mailto:cdni@ietf.org>
List-Help: <mailto:cdni-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cdni>, <mailto:cdni-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Sep 2023 02:51:02 -0000

Reviewer: Mike Ounsworth
Review result: Not Ready

Hi CNDI chairs and authors.

I am performing a SecDir early review as requested by the CDNI chairs.
I will focus this review on the question you asked about transporting private
keys as-per Section 4. I'm happy to stay on as SecDir reviewer for this draft
and give it a more thorough security review when you are ready (TLS
certificates are kinda my thing).

I applaud you for submitting this for early security review. I agree with your
feeling that that this feels dangerous; you're setting up a way to
bulk-transfer TLS certificate private keys (specifically RFC 9345
delegated_credentials) between CDN providers over a weakly-protected channel.
If this goes wrong, it's gonna go catastrophically wrong. Like, all it would
take is for these CDNI Metadata objects to be logged in transit, an
unscrupulous person to have access to those logs, and now they have TLS certs
and private keys for potentially thousands of domains. I think this needs more
thought.

I would suggest to explore the following two solution spaces:

1)
Section 4 mentions: "If not specified, it is assumed that the dCDN generated
the public-private key pair for the delegated credential itself and provided
the public key information with an out-of-band mechanism to the uCDN." It would
be worth exploring this deeper and actually specifying how this should work.
Effectively that would mean that the uCDN acts as a Certification Authority for
the dCDN. The IETF has many certificate enrollment protocols to choose from.
This would be the strongest option since the dCDN could generate the private
keys in their key management solution and the private keys never need to
traverse any software layers at all.

2)
Leave the private key transport as it is, but encrypt it using a base64
envelope format such as PKCS8/PEM or JOSE/JWE. This would require the uCDN and
dCDN to have pre-established encryption keys as part of establishing their
relationship -- likely the dCDN generates an asymmetric key pair and shares the
public key to the uCDN. This at least obscures the private keys from passive
attacks such as traffic logging, but it still requires the private keys to
exist decrypted in software memory at some stage, so is not as strong as option
1.

I'm happy to work with you off-list.

v2.23.0 | Report a Bug | By Email