TNAuthList Profile of Automated Certificate Management Environment (ACME) Authority Token
draft-ietf-acme-authority-token-tnauthlist-13
Discuss
Yes
Roman Danyliw
No Objection
(Martin Vigoureux)
Note: This ballot was opened for revision 08 and is now closed.
Roman Danyliw
Yes
Erik Kline
No Objection
Comment
(2021-11-30 for -08)
Not sent
Nothing useful to add.
Francesca Palombini
(was Discuss)
No Objection
Comment
(2022-06-30 for -08)
Sent for earlier
Thank you Paul for picking up my DISCUSS. Francesca
John Scudder
No Objection
Comment
(2021-12-01 for -08)
Not sent
What Warren said.
Murray Kucherawy
(was Discuss)
No Objection
Comment
(2022-10-23 for -10)
Sent
Thank you to Sean Turner for the ARTART review. I support Francesca's DISCUSS. The shepherd writeup appears to be confused with the one for draft-ietf-acme-authority-token. This one has the abstract for that one, for example. Thanks for addressing my DISCUSS position. However, the paragraph containing the new reference to RFC 4686 seems a bit jumbled. You might want to take another run at it before sending it to the RFC Editor.
Paul Wouters
(was Discuss)
No Objection
Comment
(2023-02-07)
Sent
The last typo was fixed in -23
Warren Kumari
No Objection
Comment
(2021-11-30 for -08)
Not sent
I'm balloting No Objection in the "This is outside my area of expertise" / "I read the protocol action, and I trust the sponsoring AD so have no problem" sense of the term. I fully agree with Eric's "Feel free to ignore but a small ASCII ART / SVG describing the interactions between all components would help the reader to understand the whole process." comment -- I'm assuming that the audience / implementers will be able to parse this document, but I was fairly lost...
Zaheduzzaman Sarker
No Objection
Comment
(2021-12-02 for -08)
Not sent
I haven't noted any transport related issues. I, however, support Murray Kucherawy's discuss.
Éric Vyncke
(was Discuss)
No Objection
Comment
(2022-10-20 for -10)
Sent
Thank you for the work put into this document and addressing my blocking DISCUSS comment of November 2021: https://mailarchive.ietf.org/arch/msg/acme/wN7QIYzrDfZ1dBj8M5yXLRQAWDU/ Therefore, my DISCUSS ballot is now cleared. A reply and action on the comments below will be appreciated, this is completely optional of course. Best regards -éric == COMMENTS == Feel free to ignore but a small ASCII ART / SVG describing the interactions between all components would help the reader to understand the whole process. -- Section 3 -- Is "TN" a well-known acronym ? Please expand it at first use (even if I guess that "TN" stands for telephone number). -- Section 5.4 -- s/which shall be 'SHA256'/which MUST be 'SHA256'/ ? -- Section 5.7 -- Please expand "SPC", "OCN" on first use. As "SPID" is in https://www.rfc-editor.org/materials/abbrev.expansion.txt, its expansion is not mandatory but would be welcome. -- Section 6 -- In "then the CA MUST set the challenge object "status" to "valid"", isn't it up to the ACME server to do this action ?
Benjamin Kaduk Former IESG member
Discuss
Discuss
[Treat as non-blocking comment]
(2021-11-27 for -08)
Sent
(0) As written, the validation procedures for the authority token contain a gaping security hole. In particular, §6 has us use the public key of the certificate referenced by the token's "x5u" parameter, without checking that that "x5u" value (or the certificate it references) is a trusted issuer of authority tokens. This in essence boils down to "go fetch a certificate from an attacker provided location and verify that the signature over the attacker-provided token was made by that attacker-provided certificate". This is trivial for an attacker to achieve and provides no security value. We need to know that the token issuer is trusted and authorized to issue this class of token. The companion document draft-ietf-acme-authority-token does describe the need for this mutual trust relationship, but it is negligent for us to provide a step-by-step procedure here that omits this step. (1) Related to my discuss on draft-ietf-acme-authority-token, we should be clear on which document is the authoritative specification for "token-authority" usage; at present the description seems to be split across the two documents. (2) Section 3 The format of the string that represents the TNAuthList MUST be constructed as a base64 [RFC4648] encoding of the TN Authorization List certificate extension ASN.1 object. The TN Authorization List certificate extension ASN.1 syntax is defined in [RFC8226] section 9. Does it need to be the (base64 encoding of the) DER encoding of the ASN.1 object? Or do we allow less stringent ASN.1 encoding rules? (Similarly in §5.4.) (3) I think my discuss point on draft-ietf-acme-authority-token about how the issuer is identified will also apply (with slight modification) to this document -- in §5.1 we have text that indicates either "iss" or "x5u" identifies the issuer, which I do not believe to be accurate. (4) This document claims to define the "atc" claim, but draft-ietf-acme-authority-token also claims to do so. I note that the IANA registration is currently in the other document, but this one has a more accurate/fleshed-out description of the contents, including the various keys that are present in the JSON object. (The other document says it's an "array", not an object!) (5) The end of §5.5 has some guidance on HTTP response codes in various failure cases. The proposed behavior provides a trivial side channel to an attacker as to whether a given account ID exists (404 vs 403), and I think we should avoid providing such a side channel, returning 403 for most failures. (6) The validation procedure in §6 just says to check that the "fingerprint" claim is "valid". I think we should be more specific and say that it must match the account key of the client making the request.
Lars Eggert Former IESG member
No Objection
No Objection
(2021-11-29 for -08)
Sent
This document uses the RFC2119 keywords "REQUIRED", "SHOULD NOT", "OPTIONAL", "RECOMMENDED", "MAY", "SHALL", "MUST NOT", "SHOULD", "MUST, and "SHALL NOT", but does not contain the recommended RFC8174 boilerplate. (It contains a variant of the RFC2119 boilerplate.) Thanks to Pete Resnick for their General Area Review Team (Gen-ART) review (https://mailarchive.ietf.org/arch/msg/gen-art/pvVWaHcMESMTsLWBOgdjocQgi_Y). ------------------------------------------------------------------------------- All comments below are about very minor potential issues that you may choose to address in some way - or ignore - as you see fit. Some were flagged by automated tools (via https://github.com/larseggert/ietf-reviewtool), so there will likely be some false positives. There is no need to let me know what you did with these suggestions. Section 5.1. , paragraph 2, nit: > "ca" is an optional key, if it not included the "ca" value is considered fa > ^^^^^^^^^^^^ A verb ("be" or "have") is missing before the past participle. Section 6. , paragraph 3, nit: > t of telephone numbers represented by a SPC. The creation, transport, and any > ^ Use "an" instead of "a" if the following word starts with a vowel sound, e.g. "an article", "an hour". Document references draft-ietf-stir-cert-delegation, but that has been published as RFC9060. Document references draft-ietf-acme-authority-token-05, but -07 is the latest available revision.
Martin Duke Former IESG member
No Objection
No Objection
(2021-11-19 for -08)
Sent
Please expand SP, CSP, and CA on first use.
Martin Vigoureux Former IESG member
No Objection
No Objection
(for -08)
Not sent
Robert Wilton Former IESG member
No Objection
No Objection
(2021-12-01 for -08)
Not sent
+1 to Warren's comments.