| rfc9891v2.txt | rfc9891.txt | |||
|---|---|---|---|---|
| skipping to change at line 187 ¶ | skipping to change at line 187 ¶ | |||
| individual entity or across a network. | individual entity or across a network. | |||
| * Policies or mechanisms for an ACME server to handle mixed-use | * Policies or mechanisms for an ACME server to handle mixed-use | |||
| certificate signing requests. This specification is focused only | certificate signing requests. This specification is focused only | |||
| on single-use DTN-specific PKIX profiles. | on single-use DTN-specific PKIX profiles. | |||
| 1.2. Authorization Strategy | 1.2. Authorization Strategy | |||
| The basic unit of data exchange in a DTN is a Bundle [RFC9171], which | The basic unit of data exchange in a DTN is a Bundle [RFC9171], which | |||
| consists of a data payload with accompanying metadata. An EID is | consists of a data payload with accompanying metadata. An EID is | |||
| used as the destination of a Bundle and can indicate both a singleton | used as the destination of a Bundle and can indicate either a | |||
| or a group destination. A Node ID is used to identify the source of | singleton or a group destination. A Node ID is used to identify the | |||
| a Bundle and is used for routing through intermediate nodes, | source of a Bundle and is used for routing through intermediate | |||
| including the final node(s) used to deliver a Bundle to its | nodes, including the final node(s) used to deliver a Bundle to its | |||
| destination endpoint. A Node ID can also be used as an endpoint for | destination endpoint. A Node ID can also be used as an endpoint for | |||
| administrative Bundles. More detailed descriptions of the rationale | Bundles conveying administrative records as explained in Section 6 of | |||
| and capabilities of these networks can be found in the | [RFC9171]. More detailed descriptions of the rationale and | |||
| "Delay-Tolerant Networking Architecture" [RFC4838]. | capabilities of these networks can be found in the "Delay-Tolerant | |||
| Networking Architecture" [RFC4838]. | ||||
| When an ACME client requests a pre-authorization or an order with an | When an ACME client requests a pre-authorization or an order with an | |||
| identifier type "bundleEID" (Section 2), the ACME server offers a | identifier type "bundleEID" (Section 2), the ACME server offers a | |||
| "bp-nodeid-00" challenge type (Section 3) to validate that Node ID. | "bp-nodeid-00" challenge type (Section 3) to validate that Node ID. | |||
| If the ACME client attempts the authorization challenge to validate a | If the ACME client attempts the authorization challenge to validate a | |||
| Node ID, the ACME server sends an ACME Node ID Validation Challenge | Node ID, the ACME server sends an ACME Node ID Validation Challenge | |||
| Bundle with a destination of the Node ID being validated. The BP | Bundle with a destination of the Node ID being validated. The BP | |||
| Agent on that node receives the Challenge Bundle, generates an ACME | Agent on that node receives the Challenge Bundle, generates an ACME | |||
| Key Authorization digest, and sends an ACME Node ID Validation | Key Authorization digest, and sends an ACME Node ID Validation | |||
| Response Bundle in reply. An Integrity Gateway on the client side of | Response Bundle in reply. An Integrity Gateway on the client side of | |||
| skipping to change at line 266 ¶ | skipping to change at line 267 ¶ | |||
| [RFC8610]. The entire CDDL structure can be extracted from the XML | [RFC8610]. The entire CDDL structure can be extracted from the XML | |||
| version of this document using the XPath expression: | version of this document using the XPath expression: | |||
| '//sourcecode[@type="cddl"]' | '//sourcecode[@type="cddl"]' | |||
| The following initial fragment defines the top-level symbols of this | The following initial fragment defines the top-level symbols of this | |||
| document's CDDL, which includes the example CBOR content. | document's CDDL, which includes the example CBOR content. | |||
| start = acme-record / bundle / tstr | start = acme-record / bundle / tstr | |||
| The definitions for the rule bundle and socket $admin-record are | ||||
| taken from Appendix B of [RFC9171]. | ||||
| 1.4. Terminology | 1.4. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and | |||
| "OPTIONAL" in this document are to be interpreted as described in | "OPTIONAL" in this document are to be interpreted as described in | |||
| BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all | |||
| capitals, as shown here. | capitals, as shown here. | |||
| Because this document combines two otherwise unrelated contexts, ACME | Because this document combines two otherwise unrelated contexts, ACME | |||
| and DTN, when a protocol term applies to one of those areas and is | and DTN, when a protocol term applies to one of those areas and is | |||
| skipping to change at line 512 ¶ | skipping to change at line 516 ¶ | |||
| Challenge Object (Section 3.1) contained in an authorization | Challenge Object (Section 3.1) contained in an authorization | |||
| object associated with the order in accordance with Section 7.1.4 | object associated with the order in accordance with Section 7.1.4 | |||
| of [RFC8555]. | of [RFC8555]. | |||
| 3. The ACME client indicates to the administrative element of its BP | 3. The ACME client indicates to the administrative element of its BP | |||
| Agent the id-chal that is authorized for use along with the | Agent the id-chal that is authorized for use along with the | |||
| associated token-chal and client account key thumbprint. The | associated token-chal and client account key thumbprint. The | |||
| ACME client waits, if necessary, until the Agent is configured | ACME client waits, if necessary, until the Agent is configured | |||
| before proceeding to the next step. | before proceeding to the next step. | |||
| 4. The ACME client POSTs a response object (Section 3.2) to the | 4. The ACME client POSTs a Response Object (Section 3.2) to the | |||
| challenge URL on the ACME server in accordance with Section 7.5.1 | challenge URL on the ACME server in accordance with Section 7.5.1 | |||
| of [RFC8555]. The payload object is constructed in accordance | of [RFC8555]. The payload object is constructed in accordance | |||
| with Section 3.2. | with Section 3.2. | |||
| 5. The administrative element waits for a Challenge Bundle to be | 5. The administrative element waits for a Challenge Bundle to be | |||
| received with the authorized ACME parameters, including its id- | received with the authorized ACME parameters, including its id- | |||
| chal payload, in accordance with Section 3.3. | chal payload, in accordance with Section 3.3. | |||
| 6. The administrative element concatenates token-bundle with token- | 6. The administrative element concatenates token-bundle with token- | |||
| chal (each as base64url-encoded text strings) and computes the | chal (each as base64url-encoded text strings) and computes the | |||
| skipping to change at line 562 ¶ | skipping to change at line 566 ¶ | |||
| accordance with Section 3.2. | accordance with Section 3.2. | |||
| 4. The ACME server sends, via the administrative element of its BP | 4. The ACME server sends, via the administrative element of its BP | |||
| Agent, one or more Challenge Bundles in accordance with | Agent, one or more Challenge Bundles in accordance with | |||
| Section 3.3. Each Challenge Bundle contains a distinct, random | Section 3.3. Each Challenge Bundle contains a distinct, random | |||
| token-bundle to be able to correlate with a Response Bundle. | token-bundle to be able to correlate with a Response Bundle. | |||
| Computing an expected Key Authorization digest is not necessary | Computing an expected Key Authorization digest is not necessary | |||
| until a response is received with a chosen hash algorithm. | until a response is received with a chosen hash algorithm. | |||
| 5. The ACME server waits for a Response Bundle(s) for a limited | 5. The ACME server waits for a Response Bundle(s) for a limited | |||
| interval of time (based on the response object of Section 3.2). | interval of time (based on the Response Object of Section 3.2). | |||
| Responses are encoded in accordance with Section 3.4. | Responses are encoded in accordance with Section 3.4. | |||
| 6. Once received and decoded, the ACME server checks the contents of | 6. Once received and decoded, the ACME server checks the contents of | |||
| each Response Bundle in accordance with Section 3.4.1. After all | each Response Bundle in accordance with Section 3.4.1. After all | |||
| Challenge Bundles have either been responded to or timed-out, the | Challenge Bundles have either been responded to or timed-out, the | |||
| ACME server policy (see Section 3.5) determines whether the | ACME server policy (see Section 3.5) determines whether the | |||
| validation is successful. If validation is not successful, a | validation is successful. If validation is not successful, a | |||
| client may retry the challenge that starts in Step 3. | client may retry the challenge that starts in Step 3. | |||
| When responding to a Challenge Bundle, a BP Agent SHALL send a single | When responding to a Challenge Bundle, a BP Agent SHALL send a single | |||
| skipping to change at line 625 ¶ | skipping to change at line 629 ¶ | |||
| "token-chal": "tPUZNY4ONIk6LxErRFEjVw" | "token-chal": "tPUZNY4ONIk6LxErRFEjVw" | |||
| } | } | |||
| The token-chal value included in this object applies to the entire | The token-chal value included in this object applies to the entire | |||
| challenge and may correspond with multiple separate token-bundle | challenge and may correspond with multiple separate token-bundle | |||
| values when multiple Challenge Bundles are sent for a single | values when multiple Challenge Bundles are sent for a single | |||
| validation. | validation. | |||
| 3.2. DTN Node ID Response Object | 3.2. DTN Node ID Response Object | |||
| The DTN Node ID response object is sent by the ACME client when it | The DTN Node ID Response Object is sent by the ACME client when it | |||
| authorizes validation of a Node ID as defined in Section 7.5.1 of | authorizes validation of a Node ID as defined in Section 7.5.1 of | |||
| [RFC8555]. Because a DTN has the potential for significantly longer | [RFC8555]. Because a DTN has the potential for significantly longer | |||
| (but roughly predictable) delays than a non-DTN network, the ACME | (but roughly predictable) delays than a non-DTN network, the ACME | |||
| client is able to inform the ACME server if a particular validation | client is able to inform the ACME server if a particular validation | |||
| round-trip is expected to take longer than non-DTN network delays (on | round-trip is expected to take longer than non-DTN network delays (on | |||
| the order of seconds). | the order of seconds). | |||
| The DTN Node ID response object has the following content: | The DTN Node ID Response Object has the following content: | |||
| rtt (optional, number): An expected Round-Trip Time (RTT), in | rtt (optional, number): An expected Round-Trip Time (RTT), in | |||
| seconds, between sending a Challenge Bundle and receiving a | seconds, between sending a Challenge Bundle and receiving a | |||
| Response Bundle. This value is a hint to the ACME server for how | Response Bundle. This value is a hint to the ACME server for how | |||
| long to wait for responses but is not authoritative. The minimum | long to wait for responses but is not authoritative. The minimum | |||
| RTT value SHALL be zero. There is no special significance to | RTT value SHALL be zero. There is no special significance to | |||
| zero-value RTT, it simply indicates the response is expected in | zero-value RTT, it simply indicates the response is expected in | |||
| less than the least significant unit used by the ACME client. | less than the least significant unit used by the ACME client. | |||
| { | { | |||
| "rtt": 300.0 | "rtt": 300.0 | |||
| } | } | |||
| A response object SHALL NOT be sent until the BP Agent has been | A Response Object SHALL NOT be sent until the BP Agent has been | |||
| configured to properly respond to the challenge. The RTT value is | configured to properly respond to the challenge. The RTT value is | |||
| meant to indicate any node-specific path delays expected to be | meant to indicate any node-specific path delays expected to be | |||
| encountered from the ACME server. Because there is no requirement on | encountered from the ACME server. Because there is no requirement on | |||
| the path (or paths) regarding which Bundles may traverse between the | the path (or paths) regarding which Bundles may traverse between the | |||
| ACME server and the BP Agent, and the ACME server can attempt some | ACME server and the BP Agent, and the ACME server can attempt some | |||
| path diversity, the RTT value SHOULD be pessimistic. | path diversity, the RTT value SHOULD be pessimistic. | |||
| A default Bundle response interval, used when the object does not | A default Bundle response interval, used when the object does not | |||
| contain an RTT, SHOULD be a configurable parameter of the ACME | contain an RTT, SHOULD be a configurable parameter of the ACME | |||
| server. If the ACME client indicated an RTT value in the object, the | server. If the ACME client indicated an RTT value in the object, the | |||
| skipping to change at line 1019 ¶ | skipping to change at line 1023 ¶ | |||
| 6.2. Threat: BP Node Impersonation | 6.2. Threat: BP Node Impersonation | |||
| As described in Section 10.1 of [RFC8555], it is possible for an | As described in Section 10.1 of [RFC8555], it is possible for an | |||
| active attacker to alter data on both ACME client channel and the DTN | active attacker to alter data on both ACME client channel and the DTN | |||
| validation channel. | validation channel. | |||
| The primary mitigation is to delegate Bundle integrity sourcing to a | The primary mitigation is to delegate Bundle integrity sourcing to a | |||
| trusted routing node near, in the sense of Bundle routing topology, | trusted routing node near, in the sense of Bundle routing topology, | |||
| the Bundle source node as defined in Section 4. This is functionally | the Bundle source node as defined in Section 4. This is functionally | |||
| similar to the DKIM signing [RFC6376] and provides some level of | similar to DKIM email signing [RFC6376] and provides some level of | |||
| secure Bundle origination. | secure Bundle origination. | |||
| Another way to mitigate on-path attacks is to attempt validation of | Another way to mitigate on-path attacks is to attempt validation of | |||
| the same Node ID from multiple sources, hopefully via multiple Bundle | the same Node ID from multiple sources, hopefully via multiple Bundle | |||
| routing paths, as defined in Section 3.5. It is not a trivial task | routing paths, as defined in Section 3.5. It is not a trivial task | |||
| to guarantee Bundle routing though, so more advanced techniques such | to guarantee Bundle routing though, so more advanced techniques such | |||
| as onion routing (using Bundle-in-Bundle encapsulation) could be | as onion routing (using Bundle-in-Bundle encapsulation) could be | |||
| employed. | employed. | |||
| 6.3. Threat: Bundle Replay | 6.3. Threat: Bundle Replay | |||
| End of changes. 9 change blocks. | ||||
| 13 lines changed or deleted | 17 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||