Re: [Secdispatch] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)

Eric Rescorla <ekr@rtfm.com> Thu, 24 February 2022 20:06 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 433F23A0597 for <secdispatch@ietfa.amsl.com>; Thu, 24 Feb 2022 12:06:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Level:
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20210112.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JcvcgooYyxFO for <secdispatch@ietfa.amsl.com>; Thu, 24 Feb 2022 12:06:30 -0800 (PST)
Received: from mail-io1-xd35.google.com (mail-io1-xd35.google.com [IPv6:2607:f8b0:4864:20::d35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C42F23A02BB for <secdispatch@ietf.org>; Thu, 24 Feb 2022 12:06:30 -0800 (PST)
Received: by mail-io1-xd35.google.com with SMTP id h16so4070567iol.11 for <secdispatch@ietf.org>; Thu, 24 Feb 2022 12:06:30 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gM8/61TftRvIdvEjJQv2WzBw5rYAVJZghZ9MWOBBpJI=; b=UYfO0+DJriGDuJxmPr35xb7LO+AHvwN6BjGP1JsC/9xlFwn6VfHc6cvWeVMIe1m2Pr kUV1FO4NF+PAtXbfmNLUHmszOVpw5WsRXxelvok5lTSZhFtfESRkBt3v9kXXPw9JJvxn 6GKk6H/K3M5DVwHH82UbagMv6NPMrq5oxHRzTEaETCs0VzVA3vHDVOLuS8IPblDkmrRI PZWyzivSSQ1LRtEQyh8rsdKs/aUqeoukjZ7edEKWfWl0NgfbbFv4YzN/npLmIL60PO69 jYvGPVA1f8NjtNGVVY++NqEZGmSDsc1606GNz2WmEmvWoMm9/hWJj959/lauX+tAx7qT Ievw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gM8/61TftRvIdvEjJQv2WzBw5rYAVJZghZ9MWOBBpJI=; b=HIzQLU72PGkmAAqNdU0AcihiEH/I9bWpAPm2WVL/q50TJZHKi/uofxYNsucs9diowy SMO8wG/fanQF9VfVPIjfbKeIllhQss6sOqMmVwZ0fVLciddBvShyQbiOa656i2ocTK+E OWh9e+axSGQIa69+REibJwOT1BtgTJv43RK8IYDPItn/nnDZxeQaHlBY7v3iDJzWTOgm RBrawgjPTSZHBlXZwGFHk18RenUvYbzagJw5pu2Bk3CdixSotkdu01uY4Rbbkr/u6nqV ihfxGQtfOw/Kr+cN7E0uBMAEalGX+aciY1W2EkgrbhGeBM+gDcurFHxLewIC3vFAoZWG ltGw==
X-Gm-Message-State: AOAM533azAsbVpkaVW0UAL6j1zv0XunBfVcO6z1dSY5GNYLPPufe7zRa 8smLCKLg9Cr9PG8B7sKooxxLqRV2dEFBOyBs0VWS+F4a0nYuow==
X-Google-Smtp-Source: ABdhPJz9Mo2/MO7gAuYgXRnKWeNq4VKEyp8aUsQJqXateltmL668zrgnOsbcqLwbzRrrYbJUF/xmamBMZAg4Hv21I9M=
X-Received: by 2002:a02:cc26:0:b0:30f:ce14:5241 with SMTP id o6-20020a02cc26000000b0030fce145241mr3296004jap.94.1645733189755; Thu, 24 Feb 2022 12:06:29 -0800 (PST)
MIME-Version: 1.0
References: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com>
In-Reply-To: <0075B437-024A-4D84-ABD7-92FE8DAFA59F@commercebyte.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 24 Feb 2022 12:05:53 -0800
Message-ID: <CABcZeBOBoM2aYjpZ+fd_D3megd0HzLSdGspWTnu00y-4iBz-YQ@mail.gmail.com>
To: Jim Zubov <ietf-list@commercebyte.com>
Cc: IETF SecDispatch <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000002bbbe905d8c91e66"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/RbBPl5E9iax5avIvqsVyjXl7Bo0>
Subject: Re: [Secdispatch] I-D: Deploying Publicly Trusted TLS Servers on IoT Devices Using SNI-based End-to-End TLS Forwarding (SNIF)
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 24 Feb 2022 20:06:36 -0000

Document: draft-zubov-snif-04.txt


OVERALL
As I understand it the problem statement here is that you
have a back-end IoT server which is not publicly addressable
and you want to have a front-end proxy server which:

1. Assigns the back-end-server a hostname

2. Acquires publicly available WebPKI certificates on its
   behalf

3. Serves as a reverse proxy for the server at the TCP
   layer (and presumably eventually at the UDP layer).

The problem of acquiring WebPKI certificates for non-publicly
addressable devices is a pretty common one and applies to
a number of enterprise use cases, not just WebPKI.

However, it seems to me that your situation is different because you
want the device to be accessible, it just isn't publicly
addressable. This suggests to me that there is a simpler approach:

- When a device first connects to the proxy, assign it a
  hostname and establish a credential (e.g., a random
  key) bound to the hostname (effectively #1 above)

- Allow the device to connect to the proxy and authenticate with the
  credential and then route any TLS or HTTP connections to the
  hostname to that device (a generalization of #3).

If you just do this, then you shouldn't need any other mechanism
because the device will be able to fulfill the ordinary ACME HTTP
Challenge (RFC 8555; S 8.3) and the ALPN challenge (RFC 8737) without
any additional effort by the proxy. In particular, the proxy will
not need to engage with ACME because the back-end server can
do that.

Second, I don't think you need to define a new proxy protocol. While
MASQUE isn't currently specified for this kind of server application,
it seems like a natural extension and MASQUE would handle all the
transport mechanics for you, thus making life a lot simpler.


DETAILED COMMENTS
A number of the design choices here seem suboptimal. These would
mostly go away if you adopted the strategy I propose above. However,
I note them in case you do not do so.

* If I am reading this protocol correctly, there is no way to
  change the private key of a server in a given name. If that's
  correct, it seems suboptimal.

* It seems like you are establishing a new TCP connection to
  the device for each incoming TCP connection. That is not
  going to have great performance. I would instead mux all
  the data over a single connection (see MASQUE, supra).

* It seems like you are having the relay connect to the device.
  That is going to be a problem if the device is behind a
  NAT or any kind of stateful inspection filter. Instead,
  I would have all connections be outgoing.

* Requiring the Relay to validate the server's TLS certificate,
  as defined in S 4.2, makes the Relay much more complicated
  as it has to have a WebPKI stack in it.

I also, I don't understand this text:

   Since each certificate issued by a CA remains on the certificate
   transparency public records, it is RECOMMENDED for SNIF CA Proxy to
   only issue Certificates with a wildcard CN.  This way, the actual
   Connector's hostname (Section 3.2) will not be listed on the public
   records.

Can you provide an example of what you mean here? If the Connectors
are named a.example.com, b.example.com, and c.example.com, you obviously
cannot issue any of them *.example.com. OTOH, if you have them have
<something>.a.example.com and <something-else>.b.example.com, then
how does it help to issue *.a.example.com?


SECDISPATCH QUESTIONS
I think the next steps here are to resolve what problem is being
solved. In particular, if what I propose above will work, then
this should go to MASQUE with a limited scope of defining incoming
connections. If not, then I think we need to get clearer on why
it won't.

-Ekr





















On Tue, Feb 8, 2022 at 10:18 AM Jim Zubov <ietf-list@commercebyte.com>
wrote:

> Please consider the following draft:
>
> https://datatracker.ietf.org/doc/draft-zubov-snif/
>
> The document describes a set of protocols for publicly trusted serverless
> TLS that can be used as an end-to-end IoT security solution.
>
> The solution had been tested in pre-production. The complete source code
> is in the public domain -
>
> https://github.com/vesvault/snif
>
> Any feedback, suggestions, and recommendations of an IETF group adoption
> are welcome.
>
>
> Thank You -
>
> Jim Zubov
> VESvault Corp
> CTO / Co-founder
>
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch
>