<?xml version="1.0" encoding="US-ASCII"?>
<!DOCTYPE rfc SYSTEM "rfc2629.dtd">
<?rfc toc="yes"?>
<?rfc rfcedstyle="yes"?>
<?rfc subcompact="no"?>
<?rfc symrefs="yes"?>
<?rfc comments="yes" ?>
<?rfc inline="yes" ?>

<rfc ipr="trust200902" category="info" docName='draft-melnikov-acme-email-tls-smime-00'>
  <front>
    <title abbrev="Automatic Certificate Management Environment">
      Extensions to Automatic Certificate Management Environment for email TLS and S/MIME
    </title>
    <author initials="A." surname="Melnikov" fullname="Alexey Melnikov">
      <organization>Isode Ltd</organization>
      <address>
	<postal>
	  <street>14 Castle Mews</street>
	  <city>Hampton</city>
	  <region>Middlesex</region>
	  <code>TW12 2NP</code>
	  <country>UK</country>
	</postal>
	<email>Alexey.Melnikov@isode.com</email>
      </address>
    </author>
      
    <date year="2017" />
    
    <keyword>ACME</keyword>
      
    <abstract>

    <t>
    This document specifies identifiers and challenges required to enable
    the Automated Certificate Management Environment (ACME) to issue
    certificates for use by TLS email services and for email recipients
    that want to use S/MIME.
    </t>
	
    </abstract>
    
  </front>
  <middle>

    <section title="Introduction">

        <t>
        <xref target="I-D.ietf-acme-acme"/> is a mechanism for automating certificate
        management on the Internet.  It enables administrative entities to
        prove effective control over resources like domain names, and
        automates the process of generating and issuing certificates.
        </t>
      
        <t>
        This document describes extensions to ACME for use by email services.
        <xref target="tls"/> defines extensions for how email services (such as SMTP, IMAP)
        can get certificates for use with TLS.
        <xref target="smime"/> defines extensions for issuing end user S/MIME <xref target="RFC5751"/> certificates.
        </t>

      <!--
        <t>
        </t>
        -->
      
    </section>
    
    <section title="Conventions Used in This Document">
      
      <t>The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
	    "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
	    this document are to be interpreted as described in
	    <xref target="RFC2119"/>.</t>

    </section>

    
    <section title="Use of ACME for use by TLS-protected SMTP and IMAP services" anchor="tls">

      <t>SMTP <xref target="RFC5321"/> (including SMTP submission) and IMAP <xref target="RFC3501"/> servers
      use TLS <!--reference--> to provide server identity authentication, data confidentiality and integrity services.
      Such TLS protected email services either use STARTTLS command or run on a separate TLS-protected port.
      </t>
      
      <t>
      <xref target="I-D.ietf-acme-acme"/> defines several challenge types that can be extended for use by email services.
      This document also defines some new challenge types specific to SMTP and IMAP.
      </t>

      <t>In order to use these challenges JWS <xref target="RFC7515"/> object used by <xref target="I-D.ietf-acme-acme"/>
      is extended. The following extra requirements are in addition to requirements on JWS objects sent in ACME
      defined in Section 6.2 of <xref target="I-D.ietf-acme-acme"/>:

        <list style='numbers'>

          <t>
          "service" JWS header parameter MUST be included. See <xref target="service"/> for more details.
          </t>

          <t>
          "port" JWS header parameter MUST (SHOULD?) be included. See <xref target="port"/> for more details.
          </t>

        </list>

      </t>
      
      <figure title="Figure 1">
          <preamble>
   For example, if the client were to respond to the "tls-sni-email-00" challenge,
   it would send the following request:
          </preamble>
<artwork><![CDATA[
   POST /acme/authz/asdf/0 HTTP/1.1
   Host: example.com
   Content-Type: application/jose+json

   {
     "protected": base64url({
       "alg": "ES256",
       "kid": "https://example.com/acme/acct/1",
       "nonce": "Q_s3MWoqT05TrdkM2MTDcw",
       "url": "https://example.com/acme/authz/asdf/0",
       "service": "smtp",
       "port": 25
     }),
     "payload": base64url({
       "type": "tls-sni-email-00",
       "keyAuthorization": "IlirfxKKXA...vb29HhjjLPSggQiE"
     }),
     "signature": "7cbg5JO1Gf5YLjjF...SpkUfcdPai9uVYYU"
   }
]]></artwork>
      <postamble></postamble>
      </figure>
      

      <section title='"service" JWS header parameter' anchor="service">

        <t>The "service" JWS header parameter specifies the service for which TLS server certificate should be issued.
        Valid values come from "Service Names and Transport Protocol Port Numbers" IANA registry
        &lt;https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml&gt;.
        
        ACME server MAY include SRV-ID <xref target="RFC6125"/> subjectAltNames in issued certificates.
        </t>
        
      </section>
      
      <section title='"port" JWS header parameter' anchor="port">

        <t>The "port" JWS header parameter specifies the TCP port number where the corresponding
        service is running.
        </t>

        <t>[[This parameter might have applicability beyond email services.]]</t>
        
      </section>
      
      <section title="TLS with Server Name Indication (SNI) challenge for email services">

        <t>"tls-sni-email-00" is very similar to "tls-sni-01" defined in Section 8.3 of <xref target="I-D.ietf-acme-acme"/>.</t>

        <t>The difference between processing of "tls-sni-email-00" and "tls-sni-01" are listed below:

          <list style='numbers'>

            <t>
            SAN A MUST be constructed as follows: compute the SHA-256 digest
            [FIPS180-4] of the challenge token and encode it in lowercase
            hexadecimal form.  The dNSName is "&lt;x&gt;.&lt;y&gt;.&lt;token&gt;.acme.invalid", where &lt;x&gt;
            is the first half of the hexadecimal representation and &lt;y&gt; is the
            second half, and &lt;token&gt; was generated by the ACME server.
            SAN B MUST be constructed as follows: compute the SHA-256 digest of
            the key authorization and encode it in lowercase hexadecimal form.
            The dNSName is "&lt;x&gt;.&lt;y&gt;.&lt;ka&gt;.acme.invalid" where &lt;x&gt; is the first half of the
            hexadecimal representation and &lt;x&gt; is the second half, and &lt;ka&gt; is the key authorization.
            
            [[OPEN ISSUE: Should service name and port number be incorporated into SAN A and B?]]
            </t>

            <t>When verifying the client's control of the domain/service, ACME server connects to port
            as specified in "port" JWS header parameter (<xref target="port"/>), instead of port 443.
            When connecting to ports 25, 143 and 587, ACME server needs to use STARTTLS command.
            When connecting to ports 465 or 993, ACME server initiate TLS negotiation immediately
            upon connection to the corresponding ports.
            In all cases ACME server presents SAN A in the SNI field, constructed as specified above.
            </t>

          </list>

        </t>

      </section>
        
      <section title="DNS challenge for email services">

        <t>"dns-email-00" is very similar to "dns-01" defined in Section 8.4 of <xref target="I-D.ietf-acme-acme"/>.</t>

        <t>The difference between processing of "dns-email-00" and "dns-01" are listed below:

          <list style='numbers'>

            <t>
            The TXT record used to validate this challenge is _&lt;port&gt;._&lt;service&gt;_acme-challenge.&lt;domain&gt;.
            For example, for domain "example.com" and IMAP service running on port 993, the TXT record name is
            _993._imaps._acme-challenge.example.com. For domain "example.net" and IMAP service running on port 143,
            the TXT record name is _143._imap._acme-challenge.example.next.
            </t>

            <t>
            [[OPEN ISSUE: Should service name and port number be incorporated into the hash?]]
            </t>

          </list>

        </t>

      </section>

      <section title="CAPABILITY challenge for email services">

        <t>For "capability-smtp-00" challenge, ACME client (== SMTP server)
        constructs a key authorization from the "token" value provided in the challenge
        and the client's account key.  The client then computes the SHA-256
        digest [FIPS180-4] of the key authorization. SMTP server than
        returns the base64url encoding of this digest as a value of the "ACME" EHLO capability:
        </t>

        <figure title="Figure 2">
          <preamble>
          </preamble>
<artwork><![CDATA[
250-smtp.example.com
250-SIZE
250-8BITMIME
250-BINARYMIME
250-PIPELINING
250-HELP
250-DSN
250-CHUNKING
250-AUTH SCRAM-SHA-1
250-AUTH=SCRAM-SHA-1
250-STARTTLS
250-ACME gfj9Xq...Rg85nM
250-MT-PRIORITY
250 ENHANCEDSTATUSCODES
]]></artwork>
          <postamble></postamble>
        </figure>

        <t>Similarly, "capability-imap-00" challenge, ACME client (== IMAP server)
        constructs a key authorization from the "token" value provided in the challenge
        and the client's account key.  The client then computes the SHA-256
        digest [FIPS180-4] of the key authorization. SMTP server than
        returns the base64url encoding of this digest as a value of the "ACME" capability:
        </t>

        <figure title="Figure 3">
          <preamble>
          </preamble>
<artwork><![CDATA[
* OK [CAPABILITY IMAP4rev1 LOGINDISABLED LITERAL+ ENABLE STARTTLS ACME=gfj9Xq...Rg85nM] Example IMAP4rev1 server ready

 or

* CAPABILITY IMAP4rev1 LOGINDISABLED LITERAL+ ENABLE STARTTLS ACME=gfj9Xq...Rg85nM
]]></artwork>
          <postamble></postamble>
        </figure>
      
      </section>
    
    </section>


    <section title="Use of ACME for issuing end user S/MIME certificates" anchor="smime">

      <t>
      <xref target="I-D.ietf-acme-acme"/> defines "dns" Identifier Type that is used to verify that a particular entity
      has control over a domain or specific service associated with the domain.
      In order to be able to issue end-user S/MIME certificates, ACME needs a new Identifier Type that
      proves ownership of an email address.
      </t>

      <t>
      This document defines a new Identifier Type "email" which corresponds to
      an (all ASCII) email address <xref target="RFC5321"/>. This can be used with S/MIME or
      other similar service that requires posession of a certificate tied to an email address.
      </t>
      
      <t>
      A new challenge type "email-reply-00" is used with "email" Identifier Type,
      which provides proof that an ACME client has control over an email address:
      [[Very rough outline follows]]
      
        <list style='numbers'>

          <t>
          ACME server generates an email message with the subject containing "ACME &lt;token-part1&gt;",
          where &lt;token-part1&gt; is the base64url encoded first part of the token,
          which contains at least 64 bit of entropy. The second part of the token (token-part2,
          which also contains at least 64 bit of entropy) is returned over HTTPS to the ACME client.
          ACME client concatenates "token-part1" and "token-part2" to create "token", calculates
          key-authz (as per Section 8.1 of <xref target="I-D.ietf-acme-acme"/>), then included the base64url encoded
          SHA-256 digest [FIPS180-4] of the key authorization in a response email message.
          The response email message has a single text/plain MIME body part.
          [[Do we need to handle text/html or multipart/alternative? Simplicity suggests "no".]]
          </t>

          <!--
          <t>
          </t>
          -->

        </list>
      </t>

      <t>[[Do we need a proof that ACME client can submit email on behalf of the user, not just read the challenge using IMAP?]]</t>

    </section>

    <section title="Open Issues">

      <t>
        [[This section should be empty before publication]]
        
        <list style='numbers'>

          <t>
          One possible alternative for issuing TLS certificates for email services is to define a new Identifier Type that specifies service@domain.
          The current version of the document just reuses "dns".
          </t>

          <!--
          <t>
          </t>
          -->

        </list>
      </t>

    </section>
    
      
    <section title="IANA Considerations">

      <t>
        IANA is requested to register the following ACME challenge types that are used with Identifier Type "dns":
        "tls-sni-email", "dns-email", "capability-smtp" and "capability-imap". The reference for all of them is this document.
      </t>

      <t>
        IANA is requested to register a new Identifier Type "email" which corresponds to an (all ASCII) email address <xref target="RFC5321"/>.
      </t>

      <t>
        And finally, IANA is requested to register the following ACME challenge types that are used with Identifier Type "email":
        "email-reply". The reference for it is this document.
      </t>
    
    </section>

    <section title="Security Considerations" anchor="seccons">

      <t>TBD.</t>

    </section>
    
  </middle>
  <back>
    <references title="Normative References">
      <?rfc include="reference.RFC.2119"?> <!-- Keywords -->
      <?rfc include="reference.RFC.5321"?> <!-- SMTP -->
      <?rfc include="reference.RFC.3501"?> <!-- IMAP -->
      <?rfc include="reference.RFC.5751"?> <!-- S/MIME -->
      <?rfc include="reference.RFC.7515"?> <!-- JSON Web Signature (JWS) -->
      <?rfc include="reference.RFC.6125"?> <!-- TLS Server Identity Verification -->
      
<reference anchor="I-D.ietf-acme-acme">
<front>
<title>
Automatic Certificate Management Environment (ACME)
</title>
<author initials="R" surname="Barnes" fullname="Richard Barnes">
<organization/>
</author>
<author initials="J" surname="Hoffman-Andrews" fullname="Jacob Hoffman-Andrews">
<organization/>
</author>
<author initials="J" surname="Kasten" fullname="James Kasten">
<organization/>
</author>
<date month="March" day="13" year="2017"/>
<abstract>
<t>
Certificates in PKI using X.509 (PKIX) are used for a number of purposes, the most significant of which is the authentication of domain names. Thus, certificate authorities in the Web PKI are trusted to verify that an applicant for a certificate legitimately represents the domain name(s) in the certificate. Today, this verification is done through a collection of ad hoc mechanisms. This document describes a protocol that a certification authority (CA) and an applicant can use to automate the process of verification and certificate issuance. The protocol also provides facilities for other certificate management functions, such as certificate revocation.
</t>
</abstract>
</front>
<seriesInfo name="Internet-Draft" value="draft-ietf-acme-acme-06"/>
<format type="TXT" target="http://www.ietf.org/internet-drafts/draft-ietf-acme-acme-06.txt"/>
</reference>

    </references>

<!--    
    <references title="Informative References">
    </references>
-->

<!--
    <section title="Acknowledgements">
	
      <t>Thank you to Steve Kille and David Wilson for suggestions, comments and corrections on this document.</t>

      <t>David Wilson came up with the idea of defining a new Content-Type header field parameter to distinguish
      forwarded messages from inner header field protection constructs.</t>
      
    </section>
-->    
    
  </back>
</rfc>
