Re: [Uta] Opsdir early review of draft-ietf-uta-rfc6125bis-08
Peter Saint-Andre <stpeter@stpeter.im> Mon, 19 December 2022 18:27 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BDAAAC14CF01; Mon, 19 Dec 2022 10:27:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.799
X-Spam-Level:
X-Spam-Status: No, score=-2.799 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=stpeter.im header.b=HnKVqXBN; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=ITq6iqF+
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FczSnUcKINys; Mon, 19 Dec 2022 10:27:18 -0800 (PST)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C036EC1524D6; Mon, 19 Dec 2022 10:26:01 -0800 (PST)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 1CC825C0042; Mon, 19 Dec 2022 13:26:01 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Mon, 19 Dec 2022 13:26:01 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stpeter.im; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1671474361; x= 1671560761; bh=3VKWJiGkH/tFa2i/aqriCU2tjWzuwgUP/uQShHc4jV8=; b=H nKVqXBNUlt5NdyVRy/5T7gn/BDjNifAUG3EG2m01m2YoIMq0lSzJt2wYJm+gUxCQ OVZjfZAOineDThGq0PKHJYqW8KCsFpt89AzyR30cmIt92uskmakViCtu35SuUIuQ kDWpNwLMthXpt2bvxP4kaGYeZ7ge3lG61CaELU1tylQpFUwsw+eaYg1Q2ct2X3p9 00S9pL8tC/ehFH3oU9RXqscEMUC8ZpR7Q7kyEhOCyyB142hAkueG4sOaJkcfzM6d c7bKfWZwBjzQO7T9plidcpzzbX0W/5LGSGiVBh20N1BE1OjGsPKmPM0pv77si6hs tFIkh1sPvT6lJF/vR3+PQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1671474361; x= 1671560761; bh=3VKWJiGkH/tFa2i/aqriCU2tjWzuwgUP/uQShHc4jV8=; b=I Tq6iqF+xOgE8IfPnXFUPwXh7MKYC47x3hyjnyA/KYmPl5uF4FkggPZ7Y4o8Bz4QS 4dIigT08//6IEHODoJ/+BJSh07M9YgdskwhtMFjRZfYXOXhn89BRlbjJNk9pbcjD Zu2EfueS2NnhO+QOJqSLo3qojorBEFfr84xYC3L+4k6r4rzVVFFdsGV+9KpwqWYq AoUg0LAYD8rDlV9zHKyVoqWautTKhyFLHK3Tcg0LF/3SBTP/8/o1Xiqv8gK20Iv/ 3XCEapJuOOk3lURNvW4JZKE2yD3iC2E0pRtJTubgByvbvoP+xFlysrHlbDUe0rwy ULHX30P1IZy3T8i8F0HWQ==
X-ME-Sender: <xms:uKygYx5r7e0PdRDstwaud8GpwZ5rCUrvLkxHRXY-mV2b1SAbJpAeWw> <xme:uKygY-6r8aeeFuOcHU9i8M-4vS6Rz6CMidYGSVy3RCX4XkXBqcHEJPalhb7S9UDyW TBIvkEzWgysgn2ezw>
X-ME-Received: <xmr:uKygY4dgJn0g_eJAdAmCFKc6JpQleRThOpw-UvkMZhXG1ZBgYK_kYjfYu9Qtp0cX>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrgeefgdekiecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepkfffgggfuffhvfevfhgjtgfgsehtke ertddtfeejnecuhfhrohhmpefrvghtvghrucfurghinhhtqdetnhgurhgvuceoshhtphgv thgvrhesshhtphgvthgvrhdrihhmqeenucggtffrrghtthgvrhhnpeetieejteekieekue ekffethedtvdejieduveelteehgeefleffteehudeuudegfeenucffohhmrghinhephhht thhprghpphhlihgtrghtihhonhgtlhhivghnthhsrghnughsvghrvhgvrhhstghouhhlug hrvghquhhirhgvthhhvghushgvohhfthhlshdrhhgvrhgvpdhofigrshhprdhorhhgpdhi jhhjkhdrtghnnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrh homhepshhtphgvthgvrhesshhtphgvthgvrhdrihhm
X-ME-Proxy: <xmx:uKygY6LPZxc6Pwfl8LONiRZNNR0M9-bJUASSPiKRmdW5iFl_yS4D-g> <xmx:uKygY1K4Wl0XrFrKTE2dt_9HsaB4WEEED2e-KVY6Jd31ArEcROZ5dQ> <xmx:uKygYzzDuMnHA8UXm7B6_N1tNY_6ORbYjx8jYSG_IZJlk5nwlUVETQ> <xmx:uaygY13UZyPQIj8TV2UVgxDuOYI5Uzmp-9sWv0X5DbuN75sP5fkNOg>
Feedback-ID: i24394279:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 19 Dec 2022 13:26:00 -0500 (EST)
Message-ID: <414a7e2e-64b8-66a9-b547-c2318d54747e@stpeter.im>
Date: Mon, 19 Dec 2022 11:25:59 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.5.1
Content-Language: en-US
From: Peter Saint-Andre <stpeter@stpeter.im>
To: Qin Wu <bill.wu@huawei.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>
Cc: "draft-ietf-uta-rfc6125bis.all@ietf.org" <draft-ietf-uta-rfc6125bis.all@ietf.org>, "uta@ietf.org" <uta@ietf.org>
References: <c9e924075bb64ad7ad91a3122a6fa6bc@huawei.com> <ba6b8873-499a-420a-eec1-a57940dd1579@stpeter.im>
In-Reply-To: <ba6b8873-499a-420a-eec1-a57940dd1579@stpeter.im>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/hDPHXVWUIam4VZv-04Pon3aSvCE>
Subject: Re: [Uta] Opsdir early review of draft-ietf-uta-rfc6125bis-08
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Dec 2022 18:27:22 -0000
On 12/19/22 11:18 AM, Peter Saint-Andre wrote: > On 12/19/22 12:33 AM, Qin Wu wrote: >>>> 7.Section 7.1 >>>> I am surprised there is no protection measures to mitigate risk of >>>> vouching for rogue or buggy hosts in this document? >>> >>> It seems to me that methods for mitigating the attacks described in >>> [Defeating-SSL] and [HTTPSbytes] are probably out of scope for this >>> document. >>> >>> The [HTTPSbytes] attack depends on cross-site scripting, and thus I >>> think that mitigations should be explained in web-specific >>> specifications (e.g., JavaScript, HTML input validation, cookies). >>> >>> The [Defeating-SSL] attack depends on starting with plaintext HTTP >>> (not >>> HTTPS) and of course no certificate checking happens over plaintext >>> HTTP. The attack also includes further trickery involving UX >>> differences between U-labels and A-labels as well as confusable >>> characters, but in Section 6.3 we already specify that domains must >>> be checked as A-labels and in Section 7.2 we point to relevant >>> specifications regarding internationalized domain names. These >>> matters are notoriously thorny and difficult to solve, so it's not >>> clear to me how much more we can say. >>> Naturally, suggestions are welcome. >>> >>> [Qin Wu] Thanks for clarification, it looks to me that attack >>> described in [HTTPSbytes] can be solved in the solution proposed in >>> web specific specification while attack described in [Defeating-SSL] >>> can not be solved or fully solved. >>> If that is the case, why we should quote [Defeating-SSL]? Is >>> [Defeating-SSL] really relevant to this document? Do you assume >>> plaintext HTTP can work with TLS? No? >> >> Perhaps some history would be helpful. >> >> When Jeff Hodges and I were working on the document that was >> eventually published as RFC 6125 (this was around 2009 or 2010, before >> the UTA WG was formed), we had a strong desire to remove wildcard >> certificates entirely. However, enough people said "wildcard >> certificates are important" that we were persuaded to leave them in. >> >> Here we are in 2022 and still enough people in the UTA WG said >> "wildcard certificates are important" that we could not gain consensus >> to remove them. >> >> However, it's also important to note that wildcard certificates can >> lead to various attacks. Although I think it's not the job of *this* >> specification to mitigate those attacks, people should be aware of them. >> >> With that said, we could also make people aware of some of the >> practical mitigations, such as: >> >> 1. Don't use wildcard certificates unless absolutely necessary. >> >> 2. To help mitigate against the attack described in [Defeating-SSL] >> (which starts with plaintext HTTP), application clients and servers >> could require the use of TLS. Here we could cite §3.2 of RFC 9325. >> >> 3. To help mitigate against the attack described in [HTTPSbytes], web >> clients and servers could put in place protections against cross-site >> scripting attacks. Here we could point to the OWASP guidelines at >> https://owasp.org/www-community/attacks/xss/ >> >> Do you think that adding some text along these lines would be an >> improvement? >> >> [Qin Wu] Thanks for history revisiting, Yes, quoting these practical >> mitigation that has already defined somewhere perfectly make sense and >> addresses my concern, especially section 3.2 of RFC9325, I am happy if >> you can add these clarifications and quotations which make me not >> scared about wildcard certificates any more.:-) >> Thanks you for taking care of my remaining comment. > > Great. > > I had one more thought regarding [Defeating-SSL]. Notice that the > example on Slide 92 of that presentation is as follows (actually > `google` is supposed to be `gmail` but you get the idea): > > www.google.xn-- > comaccountsservicelogin-5j9pia.f.ijjk.cn > > According to the rules in §6.3 of draft-ietf-uta-rfc6125bis-08, that > domain does not match *.ijjk.cn because only one wildcard character is > allowed and the wildcard must match only the leftmost label. The most > that could be matched would be f.ijjk.cn. Using this label, the fake URL > would be: > > https://com╱accounts╱servicelogin.f.ijjk.cn Actually it's only https://f.ijjk.cn - but my point about not getting too comfortable still stands because attackers are clever... > Could that still fool someone into clicking it? Perhaps, but without the > widely known company or service name in the fake URL perhaps the risk is > lower. > > However, I don't know if this really helps, because even though various > full stop characters (e.g., U+3002 IDEOGRAPHIC FULL STOP) are disallowed > by RFC 5892 in internationalized domain name labels, I have no doubt > that a clever attacker could construct a single label that could fool > some users into believing that the domain looks legitimate. > > Peter >
- [Uta] Opsdir early review of draft-ietf-uta-rfc61… Qin Wu via Datatracker
- Re: [Uta] [OPS-DIR] Opsdir early review of draft-… Warren Kumari
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Peter Saint-Andre
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Qin Wu
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Peter Saint-Andre
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Qin Wu
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Peter Saint-Andre
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Peter Saint-Andre
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Qin Wu
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Martin Thomson
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Qin Wu