Abstract
Web traffic encryption has shifted from applying only to sensitive websites (such as banks) to a majority of all Web requests. Until recently, one of the main limiting factors for enabling HTTPS was the requirement to obtain a valid certificate from a trusted certification authority. This process traditionally involves steps such as paying a certificate issuance fee, ad-hoc private key and certificate request generation, and domain validation procedures. To remove this barrier of entry, the Internet Security Research Group (ISRG) introduced “Let’s Encrypt”, a new non-profit certificate authority that uses a new protocol called Automatic Certificate Management Environment (ACME) to automate certificate management at all levels (request, validation, issuance, renewal, and revocation) between clients (website operators) and servers (certificate authority nodes). Let’s Encrypt’s success is measured by its issuance of over 27 million free certificates since its launch in April 2016. In this paper, we survey the existing process for issuing domain-validated certificates in major certification authorities. Based on our findings, we build a security model of domain-validated certificate issuance. We then model the ACME protocol in the applied pi-calculus and verify its stated security goals against our security model. We compare the effective security of different domain validation methods and show that ACME can be secure under a stronger threat model than that of traditional CAs. We also uncover weaknesses in some flows of ACME 1.0 and propose verified improvements that have been adopted in the latest protocol draft submitted to the IETF.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
- 2.
CloudFlare incidentally also operates Let’s Encrypt’s infrastructure, rendering it a centralized point of failure for ACME and ad-hoc CAs alike. While ACME is a centralization-agnostic protocol, Let’s Encrypt operates with a fully centralized infrastructure.
- 3.
Full model available at https://github.com/Inria-Prosecco/acme-model.
- 4.
We also specify a fully public channel named pub.
References
Chokhani, S., Ford, W., Sabett, R., Merrill, C., Wu, S.: Internet X.509 Public Key Infrastructure: Certificate Policy and Certification Practices Framework, RFC 3647. Internet Engineering Task Force, November 2003
CA/Browser Forum: Baseline requirements for the issuance and management of policy-trusted certificates, v. 1.1.5, May 2013
Gervase, M., Ryan, S., Richard, B., Kathleen, W.: WoSign and StartCom
Levillain, O., Ébalard, A., Morin, B., Debar, H.: One year of SSL internet measurement. In: Proceedings of the 28th Annual Computer Security Applications Conference, ACSAC 2012, pp. 11–20. ACM, New York (2012)
Delignat-Lavaud, A., Abadi, M., Birrell, A., Mironov, I., Wobber, T., Xie, Y., Microsoft Research: Web PKI: closing the gap between guidelines and practices. In: NDSS (2014)
Google: Certificate transparency
Basin, D., Cremers, C., Hyun-Jin, K.T., Perrig, A., Sasse, R., Szalachowski, P.: ARPKI: Attack Resilient Public-Key Infrastructure. In: Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, CCS 2014, pp. 382–393. ACM, New York (2014)
Internet Security Research Group: Let’s encrypt overview (2016)
Internet Security Research Group: Let’s encrypt statistics (2016)
Barnes, R., Hoffman-Andrews, J., Kasten, J.: Automatic Certificate Management Environment (ACME), July 2016
Blanchet, B., Smyth, B., Cheval, V.: ProVerif 1.90: automatic cryptographic protocol verifier, user manual and tutorial (2014)
Comodo CA Ltd.: Comodo certification practice statement. Technical report, Comodo CA Ltd., August 2015
DigiCert: DigiCert certification practices statement. Technical report, DigiCert, September 2016
GeoTrust Inc.: GeoTrust certification practice statement. Technical report, GeoTrust Inc., September 2016
GlobalSign CA: GlobalSign CA certification practice statement. Technical report, GlobalSign CA (2016)
Internet Security Research Group: Certification practice statement. Technical report, Internet Security Research Group, October 2016
Symantec Corporation: Symantec Trust Network (STN) certification practice statement. Technical report, Symantec Corporation, September 2016
StartCom CA Ltd.: StartCom certificate policy and practice statements. Technical report, StartCom CA Ltd., September 2016
LLC Network Solutions: Network solutions certification practice statement. Technical report, Network Solutions, LLC, September 2016
Alexa Internet Inc.: Top 1,000,000 sites (updated daily) (2013)
Küsters, R., Truderung, T.: Using ProVerif to analyze protocols with Diffie-Hellman exponentiation. In: IEEE Computer Security Foundations Symposium (CSF), pp. 157–171 (2009)
Ateniese, G., Mangard, S.: A new approach to DNS security (DNSSEC). In: Proceedings of the 8th ACM Conference on Computer and Communications Security, pp. 86–95. ACM (2001)
Hoffman, P., Schlyter, J.: The DNS-based Authentication of Named Entities (DANE) Transport Layer Security (TLS) protocol: TLSA. Technical report (2012)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 International Financial Cryptography Association
About this paper
Cite this paper
Bhargavan, K., Delignat-Lavaud, A., Kobeissi, N. (2017). Formal Modeling and Verification for Domain Validation and ACME. In: Kiayias, A. (eds) Financial Cryptography and Data Security. FC 2017. Lecture Notes in Computer Science(), vol 10322. Springer, Cham. https://doi.org/10.1007/978-3-319-70972-7_32
Download citation
DOI: https://doi.org/10.1007/978-3-319-70972-7_32
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-70971-0
Online ISBN: 978-3-319-70972-7
eBook Packages: Computer ScienceComputer Science (R0)