Re: [certid] Last Call: draft-saintandre-tls-server-id-check (Representation and Verification of Domain-Based Application Service Identity in Certificates Used with Transport Layer Security) to Proposed Standard
Shumon Huque <shuque@isc.upenn.edu> Wed, 04 August 2010 02:57 UTC
Return-Path: <shuque@isc.upenn.edu>
X-Original-To: certid@core3.amsl.com
Delivered-To: certid@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix)
with ESMTP id 0A8613A6B8E for <certid@core3.amsl.com>;
Tue, 3 Aug 2010 19:57:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.029
X-Spam-Level:
X-Spam-Status: No, score=-4.029 tagged_above=-999 required=5 tests=[AWL=-1.430,
BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dcBzGEmvtft3 for
<certid@core3.amsl.com>; Tue, 3 Aug 2010 19:57:25 -0700 (PDT)
Received: from talkeetna.isc-net.upenn.edu (TALKEETNA.isc-net.upenn.edu
[128.91.197.188]) by core3.amsl.com (Postfix) with ESMTP id 324623A67B8 for
<certid@ietf.org>; Tue, 3 Aug 2010 19:57:25 -0700 (PDT)
Received: by talkeetna.isc-net.upenn.edu (Postfix, from userid 4127) id
1B93A2481; Tue, 3 Aug 2010 22:57:54 -0400 (EDT)
Date: Tue, 3 Aug 2010 22:57:54 -0400
From: Shumon Huque <shuque@isc.upenn.edu>
To: Stefan Winter <stefan.winter@restena.lu>
Message-ID: <20100804025753.GA16078@isc.upenn.edu>
References: <20100715230822.5B1583A6B94@core3.amsl.com>
<4C49B477.80700@stpeter.im> <20100730034415.GA28022@isc.upenn.edu>
<4C5267FF.2090701@edelweb.fr> <20100730162031.GA15319@isc.upenn.edu>
<4C569260.7070602@restena.lu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4C569260.7070602@restena.lu>
User-Agent: Mutt/1.4.2.1i
Organization: University of Pennsylvania
Cc: certid@ietf.org
Subject: Re: [certid] Last
Call: draft-saintandre-tls-server-id-check (Representation and Verification
of Domain-Based Application Service Identity in Certificates Used with
Transport Layer Security) to Proposed Standard
X-BeenThere: certid@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Representation and verification of identity in certificates
<certid.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/certid>
List-Post: <mailto:certid@ietf.org>
List-Help: <mailto:certid-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/certid>,
<mailto:certid-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Aug 2010 02:57:26 -0000
On Mon, Aug 02, 2010 at 11:39:44AM +0200, Stefan Winter wrote: > Hi, > > > Well that, and SRVName. There are many other custom types > > defined by specific applications but those aren't the focus > > of this document. > > > > a closely related question to that. In one of my drafts, SRVNames are > used, but not directly. > > There is a S-NAPTR based algorithm which first tries to find a specific > S-NAPTR, and then follows the results from there (typically, via SRVName > to hostname to IP addresses). > If there is no S-NAPTR, a SRV query is tried. > > In the latter case, matching between the SRV record in DNS vs. > SAN-SRVName can be done, and the server id can be verified. > But in the former case, if S-NAPTR in DNS is forged, it is well possible > to drive the querying peer to a bogus SRV record, and an attacker can > have a (unrelated) certificate for this other SRVName. That was, the > querying host can be tricked into initiating a connection to a false > peer because it cannot verify that the NAPTR -> SRV step was correct. > > I've been thinking about a workaround for that. As much as I know, there > is no subjectAltName for NAPTR verification. So my only conclusion so > far is: using NAPTR can only work securely if requiring DNSSEC; so that > the NAPTR can't possibly be forged. Stefan, Yes, I think I agree with your analysis. And even if there were a subjectaltname for NAPTR services, it appears that the components of the (service specific) identity you want to verify are in the RDATA of the NAPTR record, rather than the owner name of the record, so you need to secure the DNS mapping. > I wonder: is there another way of securing server discovery in the > presence of a NAPTR -> SRV redirection? Besides DNSSEC, or some other secure mapping service, I can't think of an obvious one. You'd need to figure out how to encode the service identity in the DNS query name, which is precisely the thing the S-NAPTR lookup is trying to find. > > And do you consider disususing this issue in your draft? > Are you proposing to just discuss this issue, or that we should try to find a solution to the problem? -- Shumon Huque University of Pennsylvania.
- [certid] [Fwd: Last Call: draft-saintandre-tls-se… Alexey Melnikov
- Re: [certid] Last Call: draft-saintandre-tls-serv… Peter Saint-Andre
- Re: [certid] Last Call: draft-saintandre-tls-serv… Shumon Huque
- Re: [certid] Last Call: draft-saintandre-tls-serv… Peter Sylvester
- Re: [certid] Last Call: draft-saintandre-tls-serv… Shumon Huque
- Re: [certid] Last Call: draft-saintandre-tls-serv… Blumenthal, Uri - 0668 - MITLL
- Re: [certid] Last Call: draft-saintandre-tls-serv… Shumon Huque
- Re: [certid] Last Call: draft-saintandre-tls-serv… Stefan Winter
- Re: [certid] Last Call: draft-saintandre-tls-serv… Shumon Huque
- Re: [certid] Last Call: draft-saintandre-tls-serv… Stefan Winter
- Re: [certid] Last Call: draft-saintandre-tls-serv… Peter Saint-Andre