Re: [dane] Extending TLSA RFC to operate with TLS's new raw public keys

[Paul Wouters <paul@nohats.ca>]

On Mon, 2 Jun 2014, Viktor Dukhovni wrote:

> On Sun, Jun 01, 2014 at 10:04:13PM -0400, Tom Gindin wrote:
>
>> On a technical, or at least quasi-technical point, doesn't usage 3 say
>> that it must match the "end-entity certificate given by the server in
>> TLS"?
>
> Usage DANE-EE(3) with selector SPKI(1) matches the subject public
> key info of the peer.  While as specified in 6698 this SPKI is
> expected to be adorned in X.509 finery, it is a natural extension
> to allow the same association to apply to bare public keys.

Not only the natural extension, it was added specifically to accomodate
bare public keys in the future/

> There is simply no need for a new certificate usage here (one for
> which selector 0 would make no sense).  Indeed it would force
> server operators to needlessly publish the SPKI digest twice:
>
> 	example. IN TLSA 3 1 1 {blob}
> 	example. IN TLSA 4 1 1 {blob}
>
> for no good reason.

I agree. One TLSA that covers the SPKI should work for TLS servers that
give out a bare public key or an EE cert.

I'm okay with WH' suggestion of putting this in the soon to be dane ops
document, or with an ERRATA to 6698 or with a new one page RFC.

Paul