[secdir] Secdir last call review of draft-ietf-acme-ari-06
Shawn Emery via Datatracker <noreply@ietf.org> Tue, 26 November 2024 08:45 UTC
CC: acme@ietf.org, draft-ietf-acme-ari.all@ietf.org, last-call@ietf.org
Reply-To: Shawn Emery <shawn.emery@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/9RjjXrZKEnQo6XOyLOyYkiPpWYc>
Reviewer: Shawn Emery
Review result: Has Issues

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This standards track draft specifies an extension to the Automated Certificate Management Environment (ACME) service, which specifies a protocol that allows a client to ask an ACME server when they should renew their certificate.

The security considerations section does exist and asserts that the base RFC for ACME, 8555, covers the various attacks and mitigations that this extension entails. However, this draft concedes that the client's GET request for renewal information MUST be unauthenticated, contrary to 8555's requirement that they MUST be authenticated (which this draft discloses). The justification for this position is that the renewal information is not confidential and allows the renewal information to be cached, which will prevent aggressive clients from loading the server. I'm concerned that exceptions that allow unauthenticated requests could lead to easier forms of DoS attacks (e.g., bypassing the cache through tweaking the requests, no-store, etc.) against the ACME server. This draft should describe how to mitigate against such attacks.

General Comments:

Thank you for the examples.

Editorial Comments:

s/to ACME/to the ACME/

Is the bytes specification required in the following? (If not, then I would suggest NEW; else this may still need some rewording):

OLD:

   base64url-encoding [RFC4648] of the bytes of the keyIdentifier field of certificate's Authority Key Identifier (AKI) [RFC5280] extension, a literal period, and the base64url-encoding of the bytes of the DER encoding of the certificate's Serial Number (without the tag and

NEW:

   base64url-encoding [RFC4648] of the Key Identifier field [RFC5280], a literal period, and the base64url-encoding of the DER encoded Serial Number field (without the tag and

s/build upon/builds upon/
s/to shed load/to shed the load/
s/is what it is/is provided/
s/e.g./e.g.,/g
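An added example, not the draft's or the reviewer's code: it builds the certificate identifier that the OLD/NEW text describes from the AKI keyIdentifier bytes and the serial number, and parses it strictly on the server side so that each certificate has exactly one canonical identifier, which is one way to limit the request-tweaking cache bypass the review raises. It assumes unpadded base64url as ACME uses throughout, takes the keyIdentifier bytes and serial as inputs already extracted from the certificate, and the sample values in the comments are constructed.

```python
import base64

# Added example: ARI certificate identifier = base64url(AKI keyIdentifier bytes)
# + "." + base64url(DER INTEGER content bytes of the serial, no tag/length).
# Assumption: base64url is unpadded, as ACME (RFC 8555) uses. Sample values
# such as b"\x01\x02\x03" and 0x80 below are constructed, not from a real cert.


def b64url_encode(data: bytes) -> str:
    """Unpadded base64url (assumed ACME convention)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode_strict(text: str) -> bytes:
    """Reject empty segments, padding, std-alphabet chars and bad lengths."""
    if not text or any(c in text for c in "=+/"):
        raise ValueError("not canonical unpadded base64url")
    std = text.replace("-", "+").replace("_", "/")
    # validate=True rejects non-alphabet characters; a length of 1 mod 4 raises too
    return base64.b64decode(std + "=" * (-len(std) % 4), validate=True)


def der_integer_content(serial: int) -> bytes:
    """Minimal big-endian two's complement content bytes of a DER INTEGER."""
    if serial < 0:
        raise ValueError("RFC 5280 serial numbers are positive")
    # +8 bits leaves room for the sign bit, e.g. 0x80 -> b"\x00\x80", 0 -> b"\x00"
    return serial.to_bytes((serial.bit_length() + 8) // 8, "big")


def ari_cert_id(aki_key_identifier: bytes, serial: int) -> str:
    """Client side: e.g. ari_cert_id(b"\\x01\\x02\\x03", 0x80) -> "AQID.AIA"."""
    if not aki_key_identifier:
        raise ValueError("empty keyIdentifier")
    return b64url_encode(aki_key_identifier) + "." + b64url_encode(der_integer_content(serial))


def parse_ari_cert_id(cert_id: str) -> tuple[bytes, int]:
    """Server side: accept only the one canonical form, so padded or
    non-minimal variants cannot become distinct cache keys for one resource."""
    aki_part, sep, serial_part = cert_id.partition(".")
    if not sep or "." in serial_part:
        raise ValueError("identifier must contain exactly one period")
    aki = b64url_decode_strict(aki_part)
    content = b64url_decode_strict(serial_part)
    if content[0] & 0x80:
        raise ValueError("negative serial number")
    if len(content) > 1 and content[0] == 0 and content[1] < 0x80:
        raise ValueError("non-minimal DER INTEGER encoding")
    return aki, int.from_bytes(content, "big")


def is_canonical_cert_id(cert_id: str) -> bool:
    try:
        parse_ari_cert_id(cert_id)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True
```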