Re: [dane] Digest algorithm agility (possible discussion topic for: Informal lunch meeting in Vancouver on Thursday)
Viktor Dukhovni <viktor1dane@dukhovni.org> Fri, 15 November 2013 05:45 UTC
Return-Path: <viktor1dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CAF7F11E8119 for <dane@ietfa.amsl.com>; Thu, 14 Nov 2013 21:45:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 40mRiU-h141V for <dane@ietfa.amsl.com>; Thu, 14 Nov 2013 21:45:09 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) by ietfa.amsl.com (Postfix) with ESMTP id 8F85411E80FA for <dane@ietf.org>; Thu, 14 Nov 2013 21:45:05 -0800 (PST)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id D0A112AB141; Fri, 15 Nov 2013 05:45:04 +0000 (UTC)
Date: Fri, 15 Nov 2013 05:45:04 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20131115054504.GK761@mournblade.imrryr.org>
References: <68F7E418-B6F1-46C2-9344-00BB6102D940@vpnc.org> <20131104223219.GP2976@mournblade.imrryr.org> <1383702043.26498.20.camel@localhost>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <1383702043.26498.20.camel@localhost>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dane] Digest algorithm agility (possible discussion topic for: Informal lunch meeting in Vancouver on Thursday)
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Nov 2013 05:45:13 -0000
On Tue, Nov 05, 2013 at 05:40:43PM -0800, Matt McCutchen wrote: > > My proposal is as follows: > > > > When a TLSA RRset contains multiple RRs of the form: > > > > _<port>._tcp.server.example.com. IN TLSA <U> <S> <M> <D> > > > > with the same values of "U" and "S" but different values of the > > matching type, a client MAY ignore a "weaker" matching type > > (deprecated digest algorithm) when a "stronger" matching type for > > the same usage and selector is present. Which matching types are > > considered "weaker" is generally at the client's discretion. > > > - TLSA records that specify multiple certificates or public > > keys for a single (U,S) combination (e.g. multiple trust > > anchors, or multiple EE certificates during key roll-over) > > MUST use the same set of matching types for all of them! > > > > Otherwise, clients may fail to support one of the desired > > certificates, when they choose to support only the RRs with > > the strongest matching type. > > I.e., the same solution that is de facto used by DNSSEC DS records > (https://www.ietf.org/mail-archive/web/dnsext/current/msg11008.html) > > I believe in the need for algorithm agility and proposed three possible > solutions including the above during the original design process > (https://trac.tools.ietf.org/wg/dane/trac/ticket/22) but got no > traction. Thanks, yes, so my proposal requires no changes to the DANE RRset, rather it requires sensible DNS operator practice. For each (usage, selector) combination the mapping: "data" -> SET OF mtype for RRs that correspond to "data" must be the same for all "data" that use the same (usage, selector). I think this is the "Cartesian Product" option in your ticket, but the set of mtypes may differ from one (usage, selector) pair to another. This is now queued for inclusion in the next Postfix snapshot. Details that the group may want to comment on: - Records with mtype "0" are always considered stronger than any hash function for where collisions are unavoidable in principle, even if believed computationally infeasible. - Before choosing the "best" (client selected, not specified by RFC) digest for a particular (usage, selector) pair found in the TLSA RRset, any plainly unusable RRs are discarded: * With "X 0 0", discard RR if the associated data is not an ASN.1 encoding of an X.509 certificate. * With "X 1 0", discard RR if the associated data is not an ASN.1 encoding of an X.509 SPKI structure. * Otherwise, with "X [01] Y" for non-zero "Y", discard the RR when the length of "Y" is not a valid length for digest algorithm "Y". Basically, when all the RRs for a particular mtype (that would otherwise be considered strongest present) are a-priori unusable due to malformed data, we can't be sure whether even the "selector" and "mtype" are valid, after all the record is junk. So it seems reasonable to not impute any meaning to such a record's meta-data in the face of broken data. Otherwise, we commit to failing all all clients that support the apparently stronger algorithm, without in fact knowing where the problem lies. I must admit that of course this is an incomplete solution, some particularly elite domain administrators could replace all the hex E's in their association data with 3's and clearly some clients will again fail. So the strategy does not catch all problems, just the most obvious ones where we would otherwise have to fail when all the records of (apparently) the best mtype are unusable. If the majority feel strongly that one must take as much of a broken record as one can at face value, we should include this in the OPs BCP, and perhaps in any future DANE bis. My preference is to not read any meaning into unusable records. -- Viktor.
- [dane] Informal lunch meeting in Vancouver on Thu… Paul Hoffman
- Re: [dane] Informal lunch meeting in Vancouver on… Matt Miller (mamille2)
- Re: [dane] Informal lunch meeting in Vancouver on… Paul M
- Re: [dane] Informal lunch meeting in Vancouver on… Peter Saint-Andre
- Re: [dane] Informal lunch meeting in Vancouver on… Warren Kumari
- Re: [dane] Informal lunch meeting in Vancouver on… Peter Saint-Andre
- Re: [dane] Informal lunch meeting in Vancouver on… Yoav Nir
- Re: [dane] Informal lunch meeting in Vancouver on… Stephen Farrell
- Re: [dane] Informal lunch meeting in Vancouver on… Dan York
- Re: [dane] Informal lunch meeting in Vancouver on… Ondřej Surý
- Re: [dane] Informal lunch meeting in Vancouver on… Sean Leonard
- [dane] Digest algorithm agility (possible discuss… Viktor Dukhovni
- Re: [dane] Informal lunch meeting in Vancouver on… Wes Hardaker
- Re: [dane] Informal lunch meeting in Vancouver on… Paul Hoffman
- Re: [dane] Informal lunch meeting in Vancouver on… Viktor Dukhovni
- Re: [dane] Informal lunch meeting in Vancouver on… Viktor Dukhovni
- Re: [dane] Informal lunch meeting in Vancouver on… Peter Saint-Andre
- Re: [dane] Informal lunch meeting in Vancouver on… Wes Hardaker
- Re: [dane] Informal lunch meeting in Vancouver on… Paul Wouters
- Re: [dane] Informal lunch meeting in Vancouver on… Olafur Gudmundsson
- Re: [dane] Digest algorithm agility (possible dis… Matt McCutchen
- Re: [dane] Informal lunch meeting in Vancouver on… Daniel Migault
- Re: [dane] Informal lunch meeting in Vancouver on… Dickson, Brian
- Re: [dane] Informal lunch meeting in Vancouver on… Anton Baskov
- Re: [dane] Digest algorithm agility (possible dis… Viktor Dukhovni
- Re: [dane] Digest algorithm agility (possible dis… Matt McCutchen
- Re: [dane] Digest algorithm agility (possible dis… Viktor Dukhovni
- Re: [dane] Digest algorithm agility (possible dis… Viktor Dukhovni