Re: StartEncrypt considered harmful today

2016-07-06 Thread Nick Lamb 
On Thursday, 7 July 2016 01:52:23 UTC+1, Peter Gutmann  wrote:
> There wasn't any decision to leave it unaddressed, no-one had ever expressed
> any interest in this at any point during the work on the previous protocols,
> so there's nothing about it in any of the specs.

This claim is plainly false. Early drafts of SCEP, before it confined itself to 
"closed networks" even spell out what the problem is before they basically say 
they're not going to make any real attempt to tackle it.

CMP, CMC and SCEP all resort to saying that some "out of band" mechanism should 
be used to verify that the applicant is or controls the subject DN and treat 
this problem as completely out of scope. Even by 2005 this should have seemed 
like weak sauce indeed.

> If anyone did care about it,
> it shouldn't be too hard to add support for it to any of the existing
> protocols.

"Schneier's Law" very much applies.

> Well, it solves a problem that no previous protocol, or potential user of the
> protocol, had even acknowledged as a problem before.  Whether that's (a) worth
> creating an entirely new protocol rather than just adding support for it to an
> existing, long-established one and (b) will make said new protocol a success
> when every other attempt to do this has failed, is another matter.

Each week several hundred thousand certificates are issued using (an earlier 
draft of) ACME by what is now as a result one of the Web PKI's top five 
Certificate Authorities in terms of how many sites use its certificates.

I'm content to label this "success" even before ACME becomes an RFC.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: StartEncrypt considered harmful today

2016-07-06 Thread Richard Barnes 
On Wed, Jul 6, 2016 at 4:50 AM, Peter Gutmann 
wrote:

> Nick Lamb  writes:
>
> >ACME is a protocol intended to become an IETF Standards Track RFC.
>
> Oh dear God, another one?  We've already got CMP, CMC, SCEP, EST, and a
> whole
> slew of other ones that failed to get as far as RFCs, which all do what
> ACME
> is trying to do.  What's the selling point for ACME?  That it blows up in
> your
> face at the worse possible time?
>

Read the draft, man.  ACME is targeted at a problems that none of those
other protocols solve -- most critically, enabling the applicant to
demonstrate control of an identifier.  That's the reason you have all of
these CA proprietary APIs and ACME; these previous efforts failed to solve
the problems people actually cared about.

--Richard


>
> Peter.
> ___
> dev-security-policy mailing list
> dev-security-policy@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-security-policy
>
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: StartEncrypt considered harmful today

2016-07-06 Thread Nick Lamb 
On Wednesday, 6 July 2016 09:50:46 UTC+1, Peter Gutmann  wrote:
> Oh dear God, another one?  We've already got CMP, CMC, SCEP, EST, and a whole
> slew of other ones that failed to get as far as RFCs, which all do what ACME
> is trying to do.  What's the selling point for ACME?  That it blows up in your
> face at the worse possible time?

In the examples I've reviewed the decision seems to have been made (either 
explicitly or tacitly) to leave the really difficult problem - specifically 
achieving confidence in the identity of the subject - completely unaddressed. 
ACME went out of its way to address it for the domain we care about around here.

Your work on SCEP is probably appreciated by people who aren't interested in 
that problem, but this forum is concerned with the Web PKI, where that problem 
is pre-eminent, and this thread is about another provider, StartCom trying and 
failing to solve that problem.

So the answer to your question is that ACME's selling point is that it solves 
the problem lots of people actually have, a problem which was traditionally 
solved by various ad hoc methods whose security (or more often otherwise) was 
only inspected after the fact rather than being considered in advance.

I presume the "blows up in your face" comment was purely because of ACME's 
hilarious choice of name, but if not please elaborate _in a thread about ACME_
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

RE: StartEncrypt considered harmful today

2016-07-06 Thread Peter Gutmann 
Nick Lamb  writes:

>ACME is a protocol intended to become an IETF Standards Track RFC.

Oh dear God, another one?  We've already got CMP, CMC, SCEP, EST, and a whole
slew of other ones that failed to get as far as RFCs, which all do what ACME
is trying to do.  What's the selling point for ACME?  That it blows up in your
face at the worse possible time?

Peter.
___
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy