Hi Alexey,
On Thu, Nov 05, 2020 at 11:07:02AM +0000, Alexey Melnikov wrote:
> Hi Ben,
>
> I am sending you a partial reply, as I am still editing the document
> based on some of your more detailed comments:
Sure, happy to handle things in batches.
> On 05/11/2020 08:03, Benjamin Kaduk via Datatracker wrote:
>
> > ----------------------------------------------------------------------
> > DISCUSS:
> > ----------------------------------------------------------------------
> >
> > I have one point that I am not sure of the significance of and would
> > like to discuss further, and one point that I think has a fairly
> > clear/straightforward resolution.
> >
> > One of the key properties of ACME is that its authenticator provides
> > assurance that both a party controlling the identifier to be certified
> > and the ACME client jointly assent to the certification request of that
> > identifier. I'm trying to explore a bit more the "jointly assent" part,
> > and whether it is clear that all steps of the challenge/validation flow
> > are ultimatetly tied to the same order request.
> > In the validation flows for the challenge types from 8555, the full
> > token is returned to the ACME client, which then provides the token to
> > the entity that controls the identifier being certified, in order to set
> > up state to expect a verification attempt using that token. In this
> > email validation flow, though, the token-part1 is *only* present in the
> > challenge email, so there is no thread of continuity that allows the
> > email account holder to tie the validation attempt to the specific
> > request (i.e., token). Any message that comes in claiming to be an ACME
> > challenge would end up being treated as a validation attempt for the
> > pending request, so the ACME server (or a party pretending to be one)
> > does not have to provide any proof of knowledge of the pending
> > validation before the response email is generated. Some key properties
> > here seem to include: there is a portion (token-part2) to the response
> > email that can only be provided by the ACME client, there is a part
> > (token-part1) to the response email that can only be provided by an
> > entity that can receive email at the email address being validated, and
> > that the validation attempt, response email, and ACME order request can
> > be tied together by unique identifiers. It seems that we could achieve
> > all three of these by having the HTTPS response to the ACME client
> > include a token-part0 as well as the token-part2, with token-part0 being
> > used as the subject line of the challenge email and token-part1 being
> > conveyed in some fashion (whether body or headers) of the challenge
> > email. Does such a scheme provide any useful properties that are not
> > provided by the current scheme?
> We might need to have a conference call, as I don't fully understand
> your concerns here. But let me think about this a bit more.
[We have scheduled a call, out of band.]
Maybe I can try to step through the http case and the email case.
I am sure I will miss some steps since the distinction between user, web
server/email operator, ACME client, and possibly other entities, can be
fuzzy at times.
For HTTP, it's something like:
1) user wants a cert
2) user makes ACME client create a new order
3) ACME server creates the order+challenge, returning token to ACME client
4) user gets token from ACME client and provisions the webserver to handle
a challenge with that token
5) ACME server makes an HTTP validation query using the token value
6) webserver responds to challenge using key authorization
7) success
Note that in (4) the webserver knows what token to expect, so the
challenge/response are tightly tied to the particular order (because the
token value is tied to the order).
For email, it seems like we're proposing:
1) user wants a cert
2) user directs email client to direct ACME client to create a new order
3) ACME server creates the order+challenge, returns token-part2 to ACME
client
4) user directs email client or other infrastructure to expect a challenge
(including token-part2)
5) ACME server sends challenge email with token-part1
6) email client notes that an ACME challenge arrived, searches for
information about any pending expected challenges, and finds token-part2
7) user/email client produces challenge response including key
authorization (using token-part1 and token-part2)
The part in (6) where the email client has to search for all/any pending
expected challenges seems much weaker than in the HTTP case, as *any*
incoming message formatted like an ACME challenge could elicit the response
message. This would not directly leak token-part2 (IIUC -- there would be
a pretty straightforward copy/paste attack if we did!) since we hash the
key authorization before transport, but it still seems problematic (and
could, e.g., reveal that the client is expecting an incoming ACME
challenge). It seems "safer" in some intuitive sense if the email client
knows exactly what challenge to expect and that is tied to a specific
order. The challenge does need to include some information that is not
obtained in any other way, though, of course.
> > The more straightforward point is that the procedure in section 3
> > indicates that token-part2 is returned to the ACME client over HTTPS,
> > but the stated procedure does not otherwise involve an ACME client in
> > initiating the newOrder request. I think we need to clarify the
> > interaction/relationship between end-user/email client UI/etc and the
> > ACME client in step 1. In particular, I think that "[t]his document
> > doesn't prescribe how exactly S/MIME certificate issuance is initiated"
> > seems incompatible with requiring there to be an ACME client involved
> > (and the presumed newOrder ACME request, etc.) unless the "initiate"
> > operation is supposed to be the way by which the ACME client is
> > triggered to start the request.
> Yes. When I wrote this text I was thinking either user pushing a button
> on a CA's website saying "initiate S/MIME certificate issuance for me",
> running a command line tool a la Let's Encrypt or pushing a button in an
> ACME-aware MUA. Can you suggest how to clarify this?
I am not sure how the "button on CA's website" would work -- you need a
full ACME client with registered key/etc. in order for the ACME order flow
to work. I am pretty sure that the architecture assumes that the ACME
client is associated with the entity receiving the cert (often, but not
always, colocated), not with the CA.
My current best thought is that we say up front that there is an ACME
client involved in the issuance process, which could be integrated into a
MUA, a local command-line command, etc. Then the subsequent steps that
involve that ACME client have more context.
> > ----------------------------------------------------------------------
> > COMMENT:
> > ----------------------------------------------------------------------
> >
> > The discuss point notwithstanding, if we assume that the current
> > validation process does provide the necessary linkage across steps, it
> > seems that the procedure would provide only similar properties to the
> > RFC 8555 validation flows -- I am having a hard time convincing myself
> > that we definitely have the 128-bit security level for all the
> > information paths at play. It seems like having both token-part1 and
> > token-part2 each be 128+ bits would be fairly low-cost and would give
> > greater peace of mind that we are not opening up any 64-bit attacks.
> Making them both 128 bits is fine with me.
> > Using "ACME:" as the Subject: marker for both challenge mail and
> > response mail potentially sets us up for various reflection/janus-like
> > attacks.
> Can you elaborate on this? Responses would have some kind of prefix in
> front of "ACME" (e.g. "Re: ACME: ..."), so they will never be the same
> subjects as in challenges.
I guess I had not looked closely at this subtlety, but having done so, I am
not convinced that we can really rely on the "ACME:" in the challenge being
the start of the subject (nor do we imply that the client needs to be
enforcing this attribute!). Consider, for example, how many "[BULK]",
"[EXTERNAL]", etc. tags are added in various environments. So in practice,
I expect "Subject: <arbitrary stuff> ACME: <token-part1>" to match as both
a challenge and as a response. I am not sure what cost there would be in a
client changing it to use (e.g.) "ACME-RESPONSE:" in the response, and not
having to worry about reflection or misbinding attacks seems like a
significant benefit, so the cost/benefit analysis seems pretty clear to me
so far :)
> > We could give some warnings about this in the security
> > considerations, or just indicate in-band whether it is a challenge or a
> > response...
> >
> > Section 3
> >
> > contains at least 64 bits of entropy. (ACME server MUST generate
> > token afresh for each S/MIME issuance request.) The challenge
> >
> > nit: missing article ("the"), twice ("The ACME server", "the token").
>
> Already fixed in my copy due to other comments.
Thanks!
-Ben
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
