Re: [Uta] Opsdir early review of draft-ietf-uta-rfc6125bis-08
Peter Saint-Andre <stpeter@stpeter.im> Mon, 19 December 2022 18:19 UTC
Return-Path: <stpeter@stpeter.im>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B00F6C1524CB; Mon, 19 Dec 2022 10:19:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.8
X-Spam-Level:
X-Spam-Status: No, score=-2.8 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=stpeter.im header.b=GGJiq6LO; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=qtBAKlqL
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Kz270OIgixhZ; Mon, 19 Dec 2022 10:19:02 -0800 (PST)
Received: from out3-smtp.messagingengine.com (out3-smtp.messagingengine.com [66.111.4.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 702DBC15259F; Mon, 19 Dec 2022 10:18:24 -0800 (PST)
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44]) by mailout.nyi.internal (Postfix) with ESMTP id 4CAD35C005D; Mon, 19 Dec 2022 13:18:23 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163]) by compute4.internal (MEProxy); Mon, 19 Dec 2022 13:18:23 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=stpeter.im; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to; s=fm3; t=1671473903; x= 1671560303; bh=uZbmMNNBTgMD/YfpUN8ShSvJz/BPlQAE19VlBIM1acg=; b=G GJiq6LO25p+++B/uokAk2IAxT8b/sPWYCSndNwbH/meGgpjoaFohM/4RruY4qEjO 5fD7kOTppVuXMUlerOv8YfS7m+zQ5RKAlv/jglPCv0f5/lL1TiFUWCAvH9AwVtIg KwJQedqF/lm3OvgO54RwouXnrRsaByUUrVasLiFRHQVem8ZKLaO9vnn/L926yK6+ qLDuByHWKc2xhA4pK4OYI8SXMWzICgYmErVk9qFC1UQ8AumTs20n1zmliGT73oV7 +ElyZWy1ov6NhWDpl/Xuya0+d/Bh3vhCYJ7MQFlAY4Gg/BaEjcJVPLh6gYugSmSR Xy2y+wGeJpGZp1g6oJOVw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t=1671473903; x= 1671560303; bh=uZbmMNNBTgMD/YfpUN8ShSvJz/BPlQAE19VlBIM1acg=; b=q tBAKlqL3KrlkMZG7UStFv7JfxDUF6kaLmHJIECU8deiBgCIofH1gYSbGKocIhQkO geJnIprWwKDU18sAOcBETsDLKNFE3z4aSaW4qo3nIrjeQ5OJOrutPpcQm+TXrQ9e tDZDG5Ah4fKl7tp5LEMXqBxhlo9WiTu4ZJYY2NhyzLBZAGYfqavSlez9LS/rfjc5 MUoLReqkjzBn0DS1gnOF24Qf2i5OvuHM+1IVmHfa7R7EWTWphhO1OsftmsrsEPW7 C1w3yDDkR1lPMlY9iDkwm58J+YTkYZrF2Fxon+DE5GRyOx11cLsv163HipbywoIS OI+4fVtBfIXCrVygejqqQ==
X-ME-Sender: <xms:7qqgY5akMaixBbaBCCwsru0oaAwzOAh1WaX7oZwU0HZ5Mu9eTwowLg> <xme:7qqgYwb0P03NdjoNhyrfv4-osARHiIm6Q_mdNqd0KmvxsTqyVNWw7HT_Cq8wTbPnc Rj1AEq6TNCFMglmuA>
X-ME-Received: <xmr:7qqgY7-iYHq5KW7-jh_a23yZp2pbJsjKqZ_OLZMxAxRCNH-UCSpW2VfTZCCFhvma>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrgeefgdekgecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepkfffgggfvfevfhfhufgjtgfgsehtke ertddtfeejnecuhfhrohhmpefrvghtvghrucfurghinhhtqdetnhgurhgvuceoshhtphgv thgvrhesshhtphgvthgvrhdrihhmqeenucggtffrrghtthgvrhhnpeevgeegveeigfekge fhvdejgffhkeffvdejveektdduveeuteefieejffekkefgteenucffohhmrghinhephhht thhprghpphhlihgtrghtihhonhgtlhhivghnthhsrghnughsvghrvhgvrhhstghouhhlug hrvghquhhirhgvthhhvghushgvohhfthhlshdrhhgvrhgvpdhofigrshhprdhorhhgpdhi jhhjkhdrtghnnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrh homhepshhtphgvthgvrhesshhtphgvthgvrhdrihhm
X-ME-Proxy: <xmx:7qqgY3pRVNzhj5XmWuAGgzli_BGScDMuyL9e-pJC06MDxU1_-MOeEg> <xmx:7qqgY0oR1rU9i4kfY_oUSu6PT2heIV9YVlwbp8JqeyhJdeg9qqFDRA> <xmx:7qqgY9R0zFyDPkHDZm4LqA-HVssOOnlR3ZH0fFqunUBGny-urG0PtA> <xmx:76qgY_UgN2cmOlnPumbe3yLfN8Or34q0LNKtzPaL9f4mqxiBQw5XgQ>
Feedback-ID: i24394279:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 19 Dec 2022 13:18:21 -0500 (EST)
Message-ID: <ba6b8873-499a-420a-eec1-a57940dd1579@stpeter.im>
Date: Mon, 19 Dec 2022 11:18:21 -0700
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.5.1
Content-Language: en-US
To: Qin Wu <bill.wu@huawei.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>
Cc: "draft-ietf-uta-rfc6125bis.all@ietf.org" <draft-ietf-uta-rfc6125bis.all@ietf.org>, "uta@ietf.org" <uta@ietf.org>
References: <c9e924075bb64ad7ad91a3122a6fa6bc@huawei.com>
From: Peter Saint-Andre <stpeter@stpeter.im>
In-Reply-To: <c9e924075bb64ad7ad91a3122a6fa6bc@huawei.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/nKWL466qzAG-4K5qh7eWT_R4YK4>
Subject: Re: [Uta] Opsdir early review of draft-ietf-uta-rfc6125bis-08
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Dec 2022 18:19:06 -0000
On 12/19/22 12:33 AM, Qin Wu wrote: >>> 7.Section 7.1 >>> I am surprised there is no protection measures to mitigate risk of >>> vouching for rogue or buggy hosts in this document? >> >> It seems to me that methods for mitigating the attacks described in [Defeating-SSL] and [HTTPSbytes] are probably out of scope for this document. >> >> The [HTTPSbytes] attack depends on cross-site scripting, and thus I think that mitigations should be explained in web-specific specifications (e.g., JavaScript, HTML input validation, cookies). >> >> The [Defeating-SSL] attack depends on starting with plaintext HTTP >> (not >> HTTPS) and of course no certificate checking happens over plaintext HTTP. The attack also includes further trickery involving UX differences between U-labels and A-labels as well as confusable characters, but in Section 6.3 we already specify that domains must be checked as A-labels and in Section 7.2 we point to relevant specifications regarding internationalized domain names. These matters are notoriously thorny and difficult to solve, so it's not clear to me how much more we can say. >> Naturally, suggestions are welcome. >> >> [Qin Wu] Thanks for clarification, it looks to me that attack described in [HTTPSbytes] can be solved in the solution proposed in web specific specification while attack described in [Defeating-SSL] can not be solved or fully solved. >> If that is the case, why we should quote [Defeating-SSL]? Is [Defeating-SSL] really relevant to this document? Do you assume plaintext HTTP can work with TLS? No? > > Perhaps some history would be helpful. > > When Jeff Hodges and I were working on the document that was eventually published as RFC 6125 (this was around 2009 or 2010, before the UTA WG was formed), we had a strong desire to remove wildcard certificates entirely. However, enough people said "wildcard certificates are important" that we were persuaded to leave them in. > > Here we are in 2022 and still enough people in the UTA WG said "wildcard certificates are important" that we could not gain consensus to remove them. > > However, it's also important to note that wildcard certificates can lead to various attacks. Although I think it's not the job of *this* specification to mitigate those attacks, people should be aware of them. > > With that said, we could also make people aware of some of the practical mitigations, such as: > > 1. Don't use wildcard certificates unless absolutely necessary. > > 2. To help mitigate against the attack described in [Defeating-SSL] (which starts with plaintext HTTP), application clients and servers could require the use of TLS. Here we could cite §3.2 of RFC 9325. > > 3. To help mitigate against the attack described in [HTTPSbytes], web clients and servers could put in place protections against cross-site scripting attacks. Here we could point to the OWASP guidelines at https://owasp.org/www-community/attacks/xss/ > > Do you think that adding some text along these lines would be an improvement? > > [Qin Wu] Thanks for history revisiting, Yes, quoting these practical mitigation that has already defined somewhere perfectly make sense and addresses my concern, especially section 3.2 of RFC9325, I am happy if you can add these clarifications and quotations which make me not scared about wildcard certificates any more.:-) > Thanks you for taking care of my remaining comment. Great. I had one more thought regarding [Defeating-SSL]. Notice that the example on Slide 92 of that presentation is as follows (actually `google` is supposed to be `gmail` but you get the idea): www.google.xn-- comaccountsservicelogin-5j9pia.f.ijjk.cn According to the rules in §6.3 of draft-ietf-uta-rfc6125bis-08, that domain does not match *.ijjk.cn because only one wildcard character is allowed and the wildcard must match only the leftmost label. The most that could be matched would be f.ijjk.cn. Using this label, the fake URL would be: https://com╱accounts╱servicelogin.f.ijjk.cn Could that still fool someone into clicking it? Perhaps, but without the widely known company or service name in the fake URL perhaps the risk is lower. However, I don't know if this really helps, because even though various full stop characters (e.g., U+3002 IDEOGRAPHIC FULL STOP) are disallowed by RFC 5892 in internationalized domain name labels, I have no doubt that a clever attacker could construct a single label that could fool some users into believing that the domain looks legitimate. Peter
- [Uta] Opsdir early review of draft-ietf-uta-rfc61… Qin Wu via Datatracker
- Re: [Uta] [OPS-DIR] Opsdir early review of draft-… Warren Kumari
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Peter Saint-Andre
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Qin Wu
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Peter Saint-Andre
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Qin Wu
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Peter Saint-Andre
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Peter Saint-Andre
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Qin Wu
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Martin Thomson
- Re: [Uta] Opsdir early review of draft-ietf-uta-r… Qin Wu