Hi Brian,
On 19/06/2020 23:08, Brian Sipos wrote:
Sebastian,
Thank you very much for this clarification. This would apply to all
message exchange validation types then (including the one I'm looking
into).
I notice that the email validation draft does not mention multiple
attempts from different sources, which RFC8555 does discuss briefly
[1]. Is there an expectation that an email validation would be
attempted from multiple ACME server addresses,
If you meant "ACME server IP addresses", then the answer is "yes".
Section 10.2 text of RFC 8555 applies to the HTTP portion of validation.
If you asking whether it is a good idea for ACME server to use different
SMTP submission servers when sending ACME challenges, then again this is
a good idea. But because of how many email systems are configured, there
is typically a single point in originating network where all traffic can
be MITMed.
If you meant "ACME server email addresses", then the answer is "no".
Even though this is not prohibited.
or is a MITM attack on messaging not handled because of the nature of
email security?
Right. Although use of MTA-to-MTA TLS is becoming a new norm, which
helps a bit.
Best Regards,
Alexey
[1] https://tools.ietf.org/html/rfc8555#section-10.2
<https://tools.ietf.org/html/rfc8555#section-10.2>
------------------------------------------------------------------------
*From:* Sebastian Nielsen
*Sent:* Friday, June 19, 2020 13:25
*To:* Brian Sipos; [email protected]
*Cc:* [email protected]
*Subject:* SV: [Acme] ACME email validation
The reason is to prevent email spoofing.
In the case of .well-known or DNS validation, or ALPN, you publish a
record where ACME fetches. That can’t be spoofed, because ACME itself
searches for the record, you can’t send ACME a record and have it accept..
In the email case, you instead send ACME the response back via email,
which could be spoofed, if you had access to only the ACME client, if
whole the token was given by ACME client.
And in the second case, if whole token was given by email, it could be
a private key that is being used for another thing – lets say signing
internal certificates via HSM, where the signing system is misused to
gain SMIME certificates by signing the token, without having access to
the corresponding ACME client where the private key is installed. By
requiring 2 parts of a token, you ensure the client has access to BOTH
the email inbox AND the ACME client, AND the private key aswell.
To ensure that the person replying to the email BOTH have access to
the email account AND the ACME client, he must join 2 parts of a
secure token, and then use his private key to calculate the value.
*Från:*[email protected] <[email protected]> *För *Brian Sipos
*Skickat:* den 19 juni 2020 00:13
*Till:* [email protected]
*Kopia:* [email protected]
*Ämne:* [Acme] ACME email validation
All,
In a recent draft I created for using ACME for non-web-PKI
verification [1] I see that there are many similarities with an
earlier draft for email verification [2]. In that email protocol, the
challenge token is split into two parts which arrive at the email
validation agent through two paths: token-part1 via the validation
channel, and token-part2 via the ACME channel.
Is there a technical reason why the token is split into two parts like
this? Is replying with the proper corresponding Key Authorization not
sufficient to prove ownership of the email address?
I don't see any similar challenge token splitting in other ACME drafts
and I don't see anything obvious in [2] to indicate why the split is
useful or needed. I also didn't see any related discussion earlier on
the ACME mailing list.
Thank you,
Brian S.
[1] https://datatracker.ietf.org/doc/html/draft-sipos-acme-dtnnodeid-00
[2] https://datatracker.ietf.org/doc/html/draft-ietf-acme-email-smime-08
_______________________________________________
Acme mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/acme
