CA/BF Validation Subcommittee
Thursday 7th of September 2023
Fedi: @q@glauca.space
Email: q@as207960.net
draft-ietf-acme-onion
draft-ietf-acme-onion
onion-csr-01
onion-csr-01
343-rend-caa
Extra field in the Tor hidden service descriptor
Fetched with the service's blinded public key
hs-descriptor 3
descriptor-lifetime ...
descriptor-signing-key-cert
-----BEGIN ED25519 CERT-----
...
-----END ED25519 CERT-----
revision-counter ...
superencrypted
-----BEGIN MESSAGE-----
...
-----END MESSAGE-----
Encrypted with the service's (non-blinded) public key
desc-auth-type x25519
desc-auth-ephemeral-key ...
auth-client ...
auth-client ...
auth-client ...
encrypted
-----BEGIN MESSAGE-----
...
-----END MESSAGE-----
Encrypted with data from auth-client
create2-formats 2
introduction-point ...
onion-key ntor ...
auth-key
-----BEGIN ED25519 CERT-----
...
-----END ED25519 CERT-----
enc-key ntor ...
enc-key-cert
-----BEGIN ED25519 CERT-----
...
-----END ED25519 CERT-----
introduction-point ...
Tor allows hidden services to restrict which clients can connect using client authentication.
.onion domains aren't in the DNS, so standard CAA records can't be used. Instead, CAA records are encoded in the BIND zone file format inside the second layer hidden service descriptor.
create2-formats 2
single-onion-service
caa 128 issue "test.acmeforonions.org;validationmethods=onion-csr-01"
caa 0 iodef "mailto:security@example.com"
introduction-point AwAGsAk5n...
New field in the first layer hidden service descriptor to signal that there are CAA records in the second layer descriptor.
desc-auth-type x25519
caa-critical
auth-client ...
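The check a CA would run over the two layers shown above, as an added example that is not code from draft-ietf-acme-onion or from these slides. It assumes the `caa` lines use RFC 8659 record syntax (`caa <flags> <tag> "<value>"`) with the RFC 8657 `validationmethods` parameter, that `issuewild` can be ignored because a .onion name is never a wildcard request, and that a CA which cannot decrypt the second layer (client authentication enabled) must refuse issuance when the first layer carries `caa-critical`. The descriptor fragments inside are constructed to mirror the slides, not real Tor output.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Added example, not code from draft-ietf-acme-onion. Assumes RFC 8659 record
# syntax for `caa` lines, the RFC 8657 validationmethods parameter, and that a
# first-layer `caa-critical` line blocks issuance when the CA cannot read the
# second layer.

CAA_LINE = re.compile(r'^caa\s+(\d{1,3})\s+([A-Za-z0-9]+)\s+"((?:[^"\\]|\\.)*)"$')
CRITICAL_FLAG = 0x80                      # RFC 8659 "issuer critical" bit
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


@dataclass(frozen=True)
class CaaRecord:
    flags: int
    tag: str
    value: str


def parse_caa_lines(second_layer: str) -> list[CaaRecord]:
    """Extract the caa lines from second-layer descriptor text."""
    records = []
    for raw in second_layer.splitlines():
        line = raw.strip()
        if not line.startswith("caa "):
            continue                      # other descriptor lines are not CAA
        m = CAA_LINE.match(line)
        if m is None or int(m.group(1)) > 255:
            raise ValueError(f"malformed caa line: {line!r}")
        records.append(CaaRecord(int(m.group(1)), m.group(2).lower(), m.group(3)))
    return records


def parse_issue_value(value: str) -> tuple[str, dict[str, str]]:
    """Split 'issuer-domain;k=v;k=v' into the issuer domain and its parameters."""
    parts = [p.strip() for p in value.split(";")]
    params: dict[str, str] = {}
    for p in parts[1:]:
        if p:
            k, _, v = p.partition("=")
            params[k.strip().lower()] = v.strip()
    return parts[0].lower(), params


def may_issue(second_layer: str, ca_domain: str, method: str) -> bool:
    """RFC 8659 issue-record check for a (non-wildcard) .onion name."""
    records = parse_caa_lines(second_layer)
    # A critical record the CA does not understand forbids issuance outright.
    if any(r.flags & CRITICAL_FLAG and r.tag not in KNOWN_TAGS for r in records):
        return False
    issue = [r for r in records if r.tag == "issue"]
    if not issue:
        return True                       # no issue records: not restricted
    for r in issue:
        domain, params = parse_issue_value(r.value)
        if domain != ca_domain.lower():
            continue                      # names another CA, or ";" = nobody
        allowed = params.get("validationmethods")
        if allowed is None:
            return True                   # this CA, any validation method
        if method in {m.strip() for m in allowed.split(",")}:
            return True
    return False


def decide(first_layer: str, second_layer: Optional[str],
           ca_domain: str, method: str) -> bool:
    """Combine both layers: unreadable second layer plus caa-critical means refuse."""
    if second_layer is None:
        critical = any(l.strip() == "caa-critical" for l in first_layer.splitlines())
        return not critical
    return may_issue(second_layer, ca_domain, method)


# Constructed descriptor fragments mirroring the slides, not real Tor output.
SECOND_LAYER = """create2-formats 2
single-onion-service
caa 128 issue "test.acmeforonions.org;validationmethods=onion-csr-01"
caa 0 iodef "mailto:security@example.com"
introduction-point AwAGsAk5n...
"""
FIRST_LAYER_CRITICAL = "desc-auth-type x25519\ncaa-critical\nauth-client ...\n"
FIRST_LAYER_PLAIN = "desc-auth-type x25519\nauth-client ...\n"

if __name__ == "__main__":
    print(decide(FIRST_LAYER_PLAIN, SECOND_LAYER, "test.acmeforonions.org", "onion-csr-01"))
    print(decide(FIRST_LAYER_CRITICAL, None, "test.acmeforonions.org", "onion-csr-01"))
```

With the slide's records, `test.acmeforonions.org` may issue only via `onion-csr-01`; the same CA asking with `http-01`, or any other CA, is refused, and a CA that cannot open the second layer is refused as soon as it sees `caa-critical`.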
http-01 and tls-alpn-01
Full Tor client connection required, no way around this.
onion-csr-01
Client could send its descriptor over ACME to avoid the CA having to compute the network hash ring
Slide deck available at magicalcodewit.ch/cabf-2023-09-07-slides/
Fedi: @q@glauca.space
Email: q@as207960.net