Based on Jacob's research, I'm pretty well convinced that this is not an issue. Nonetheless, I have posted a PR to add some text about this risk.
https://github.com/ietf-wg-acme/acme/pull/306 On Thu, Apr 27, 2017 at 12:55 AM, Jacob Hoffman-Andrews <[email protected]> wrote: > On 03/30/2017 09:04 AM, Sean Leonard wrote: > > IN PARTICULAR: both Apache and Ngnix may be subject to a private key > substitution attack with naive passing of the ACME response to the web > server! See: > http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate > http://httpd.apache.org/docs/current/mod/mod_ssl.html#sslcertificatefile > > The SSL Certificate option includes the option of including the private > key in the same input: “A secret key in the PEM format may be placed in > the same file.” > > I tried to reproduce this, and I believe you are incorrect that a private > key substitution attack works. > > For both Nginx and Apache, I created a file containing a PEM-encoded > certificate, and appended a PEM-encoded RSA private key corresponding to > the public key in the certificate. I then placed a different PEM-encoded > RSA private key in cert-key.pem. I configured the certificate with > ssl_certificate or SSLCertificateFile, respectively, and the key with > ssl_certificate_key or SSLCertificateKeyFile, respectively. For Apache, I > got: > > [Wed Apr 26 21:45:50.094519 2017] [ssl:emerg] [pid 10967] AH02565: > Certificate and private key ocsp.test.wtf:8443:0 from > /home/jsha/ocsp-stapling-examples/cert.pem and > /home/jsha/ocsp-stapling-examples/cert-key.pem > do not match > AH00016: Configuration Failed > > For Nginx, I got: > > 2017/04/26 21:51:48 [emerg] 11164#11164: > SSL_CTX_use_PrivateKey_file("./cert-key.pem") > failed (SSL: error:0B080074:x509 certificate > routines:X509_check_private_key:key > values mismatch) > > In neither case did the server successfully start up. Absent the private > key substitution attack, I don't see a strong argument against offering > certificates and chains in the very common PEM format by default. > > _______________________________________________ > Acme mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/acme > >
_______________________________________________ Acme mailing list [email protected] https://www.ietf.org/mailman/listinfo/acme
