[cabfpub] Question 5 – Domain Validation pre-ballot

Gervase Markham gerv at mozilla.org
Tue Nov 17 14:30:06 UTC 2015



On 13/11/15 01:08, kirk_hall at trendmicro.com wrote:
> *Question 5 – Domain Validation pre-ballot*
> 
>  
> 
> Richard Wang of WoSign posted the following comment on the pre-ballot:
> 
>  
> 
> “I think the ballot should include some sort of requirement that a
> Random Value, Request Token, or Test Certificate can only be used once
> by the CA and customer to validate one domain, and that a new Random
> Value, Request Token, or Test Certificate must be generated by the CA
> for the customer for each domain being validated, and each time a domain
> is validated.”
> 
>  
> 
> Currently, there is _no limitation_ on how many times the same Random
> Value, Request Token, or Test Certificate (call them all “CA markers”)
> can be used, or for confirming how many domains, or for what period of time.
> 
>  
> 
> On the call today, there was general agreement that the CA Markers
> should not be reused, but that a new CA Marker should be generated by
> the CA for validation of each new domain.  By extension, a CA should
> also generate a new CA Marker each time the CA re-validates the same
> domain (every 13 months or earlier for EV domains, every 39 months or
> earlier for DV and OV domains).
> 
>  
> 
> There was one suggestion that maybe a CA could use a single CA Marker
> for validating all the domains included in a single CSR.
> 
>  
> 
> Gerv also suggested there should be a time limit on how long a CA Marker
> would be valid, as a hacker could perhaps find an unused CA Marker sent
> to a domain owner and then use it to get a bogus cert.   For this
> reason, if the customer does not use the CA Token in a fairly short
> period, the CA should generate and send a new CA Marker to the customer
> for the domain.

No, that's not correct. I was arguing _against_ a time limit; Eddy was
arguing for a time limit. My proposal was that they be one-shot, but I
didn't think mandating a particular expiry time mitigated any threats.

> (1) Should _all_ “CA Markers” (Random Values, Request Tokens, Test
> Certificates) be prohibited from re-use?  Should the limitation be one
> of the following?

Request Tokens are not the same as Random Values - the reason there are
different definitions for the two is that they have different
properties. So bundling them all together as "CA markers" doesn't
actually allow us to analyse the security properties of each carefully.

A Request Token is a value derived from the public key using a method
specified by the CA. For example, the method might be "take the SHA-256
hash of the public key". In this case, clearly the Request Token will be
the same on every occasion where the public key is used - which may be
several times. But that's OK, because it's tied to the public key, which
is tied to the private key, and only the applicant has the private key.

So there is no need to require rotation of Request Tokens - in fact, it
doesn't make sense. However, we should require rotation of Random Values.

Gerv



More information about the Public mailing list