Re: [dane] Extending TLSA RFC to operate with TLS's new raw public keys
Viktor Dukhovni <viktor1dane@dukhovni.org> Wed, 04 June 2014 14:44 UTC
Return-Path: <viktor1dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EDF421A0268 for <dane@ietfa.amsl.com>; Wed, 4 Jun 2014 07:44:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XMTzxof2rF_t for <dane@ietfa.amsl.com>; Wed, 4 Jun 2014 07:44:15 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34EDF1A0359 for <dane@ietf.org>; Wed, 4 Jun 2014 07:44:15 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 88BB32AAB4F; Wed, 4 Jun 2014 14:44:08 +0000 (UTC)
Date: Wed, 04 Jun 2014 14:44:08 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20140604144408.GR27883@mournblade.imrryr.org>
References: <538C86C7.8000805@cs.tcd.ie> <20140602145215.GP27883@mournblade.imrryr.org> <20140602172922.GS27883@mournblade.imrryr.org> <alpine.LFD.2.10.1406030056500.19868@bofh.nohats.ca> <20140603130839.GY27883@mournblade.imrryr.org> <m3ppip5s57.fsf@carbon.jhcloos.org> <20140604025535.GJ27883@mournblade.imrryr.org> <m3bnu93yzc.fsf@carbon.jhcloos.org> <20140604134441.GN27883@mournblade.imrryr.org> <alpine.LFD.2.10.1406041013410.23900@bofh.nohats.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <alpine.LFD.2.10.1406041013410.23900@bofh.nohats.ca>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/7UUtXmkrdZ_FD8PAKEB3SD508vs
Subject: Re: [dane] Extending TLSA RFC to operate with TLS's new raw public keys
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Jun 2014 14:44:17 -0000
On Wed, Jun 04, 2014 at 10:22:33AM -0400, Paul Wouters wrote:
> >(skip oob when somewhat likely to fail and the client implements use of PKIX certs).
>
> It's not "likely to fail" when there is an exising "3 1 x" TLSA record
> published!
Sure it is, those record might match only a future or past server
key when other RR parameter combinations are also present. Unless
we define such transitions as invalid, and publish server-operator
guidelines that place the burden on the server to avoid such states.
Is that the WG's preference? I can strengthen the key rotation
guidelines in the OPs draft (looks like it is about to morph into
a standards track 6698 update) to require server operators to avoid
transition states in which any of the published C/U/M combinations
match only future or only past keys. This requires some attention
to detail when updating TLSA RRs, and a tricky process when
switching from "311" to "201":
1. 311 old self-signed leaf
2. 311 old leaf + 311 new DANE-TA issued leaf (wait for 1 to age out
then deploy new cert chain).
3. 201 new DANE-TA issued chain (previously published as 311 in step 2).
at each stage there are now C/U/M combinations that don't match
any "active" key.
> Leaves me puzzled even more about what you _are_ trying to convey as
> the requirement for not mixing "3 1 x" and other types.
Consider the above transition from a 311 self-signed cert to a
DANE-TA(2) issued cert, in which the server operator is in a hurry,
and we've not yet mandated the above process:
1. 311 old self-signed leaf
2. 311 old (still active) leaf + 201 planned TA
(wait for 1 to age out, then activate new chain).
3. Drop 311 leaving only 201.
This this, "oob" clients lose at step 2 when the new chain is
activated, but the RRset has "311" only for obsolete keys and a
"201" for the active keys. Note, this is not a "misconfiguration"
in any sense with respect to 6698, and is not a problem prior to
the introduction of "oob" negotiation.
--
Viktor.
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Hoffman
- [dane] Extending TLSA RFC to operate with TLS's n… John Gilmore
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Wouters
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Wouters
- Re: [dane] Extending TLSA RFC to operate with TLS… John Gilmore
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Wouters
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Wouters
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… James Cloos
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Wes Hardaker
- Re: [dane] Extending TLSA RFC to operate with TLS… James Cloos
- Re: [dane] Extending TLSA RFC to operate with TLS… James Cloos
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Jim Schaad
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… James Cloos
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Tom Gindin
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Stephen Farrell
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Wouters
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… John Gilmore
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Wouters
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Olafur Gudmundsson
- Re: [dane] Extending TLSA RFC to operate with TLS… James Cloos
- Re: [dane] Extending TLSA RFC to operate with TLS… James Cloos
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… James Cloos
- Re: [dane] Extending TLSA RFC to operate with TLS… Stephen Farrell
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Wouters
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Simon Arlott
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Wouters
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Wouters
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Servers which offer RPK but have no TL… John Gilmore
- Re: [dane] Servers which offer RPK but have no TL… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… John Gilmore
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… John Gilmore
- Re: [dane] Servers which offer RPK but have no TL… John Gilmore
- Re: [dane] Extending TLSA RFC to operate with TLS… John Gilmore
- Re: [dane] Servers which offer RPK but have no TL… John Gilmore
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Wouters
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Wouters
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni
- [dane] Extending TLSA RFC to operate with TLS's n… John Gilmore
- Re: [dane] Extending TLSA RFC to operate with TLS… Paul Wouters
- Re: [dane] Extending TLSA RFC to operate with TLS… Viktor Dukhovni