Re: [dane] Behavior in the face of no answer?

Tom Ritter <tom@ritter.vg> Fri, 04 May 2012 15:38 UTC

Return-Path: <tom@ritter.vg>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8BA8C21E8018 for <dane@ietfa.amsl.com>; Fri, 4 May 2012 08:38:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.612
X-Spam-Level:
X-Spam-Status: No, score=-2.612 tagged_above=-999 required=5 tests=[AWL=-0.235, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, J_CHICKENPOX_18=0.6, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C1GYGUDgwucQ for <dane@ietfa.amsl.com>; Fri, 4 May 2012 08:38:13 -0700 (PDT)
Received: from mail-ob0-f172.google.com (mail-ob0-f172.google.com [209.85.214.172]) by ietfa.amsl.com (Postfix) with ESMTP id D58D121E8013 for <dane@ietf.org>; Fri, 4 May 2012 08:38:13 -0700 (PDT)
Received: by obbeh20 with SMTP id eh20so4919590obb.31 for <dane@ietf.org>; Fri, 04 May 2012 08:38:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ritter.vg; s=vg; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=iJEJ7jiiCthFYkdPIxT+YCV5TcYInf0fCU+2okfDlBw=; b=swH2+Lrq3f84rJmnNAtHbf3w2J7wOdVjzsbKT5uM9JkctHPk5Nbdb3tWL4owyt9PWb GC5cPN8qWZ0UGN4bRALP/ZpR8yzBDAfDvgs9KCerfUBWHP9wre9Ul0IH5+59AqRzqIu3 yEnStQ8fkz0VKYbJ383tKaACVW8kyxk0w3J3Q=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding:x-gm-message-state; bh=iJEJ7jiiCthFYkdPIxT+YCV5TcYInf0fCU+2okfDlBw=; b=mqZpJnuJqyQFq/HsoBr3CsY4aM9RPzShQGAg9K3ciGinhldmrmLOBN9KP4LLHzd7qz QiucEMLVbT8MzcmWFDzJotbaKjwu0vyomKjo0liA3ILbnTpGYtEewEanU8eOki7vqU/q y6oSk5xlnySkN7bXH9XsCg+FM/9czurUuLczeHH7LfJVwF20Ynnr0PYryjv0NXrkKPWE Mc35aKHzqmZvCZTMIGbaO3I8pjnwVbVCRnLEo1Q3wgQx5u2OzvFH0NSgT+8mRd9GFBHS eopS9zAfgEHibkapBrH/GgmyR6GgCgXKcT/uTkcOY488Jg/jPYGxTyEpcnGE6fLVBeLq KkYg==
Received: by 10.182.111.39 with SMTP id if7mr9038360obb.55.1336145893387; Fri, 04 May 2012 08:38:13 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.182.150.41 with HTTP; Fri, 4 May 2012 08:37:53 -0700 (PDT)
In-Reply-To: <D7743FA1-34E0-4030-B17B-33300143A520@ICSI.Berkeley.EDU>
References: <CABcZeBMY26xrfvAx=UsYN2XnuONZ2vPy9tNwHQALudd=yQDvgA@mail.gmail.com> <0526D60A-3F1B-4C55-9796-256BC2556AAB@vpnc.org> <20120503223745.GC1804@mail.yitter.info> <CABcZeBMFV8oiZJfAY1fZ_0bBQWa=q6aBL65AS+W5gBuKmPnwOg@mail.gmail.com> <20120504021044.GB4560@mail.yitter.info> <B25C977F-6B4E-458C-879D-A36EDB94DA75@icsi.berkeley.edu> <20120504023602.GA4683@mail.yitter.info> <CABcZeBO93n_C5detefBcOjAoswe2inGKDj65gQPDQmREyGnhAw@mail.gmail.com> <20120504112922.GB4929@mail.yitter.info> <2DDB5448-6A34-4D68-9421-4505CCC71A1A@icsi.berkeley.edu> <D7743FA1-34E0-4030-B17B-33300143A520@ICSI.Berkeley.EDU>
From: Tom Ritter <tom@ritter.vg>
Date: Fri, 4 May 2012 11:37:53 -0400
Message-ID: <CA+cU71n8qGBc_tJ4pxFeC3268Mtyj1ZV+v7kkwOA5dy-iAyZ1w@mail.gmail.com>
To: dane@ietf.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQkmIaFWWAPZLCKrnvneycsVHvI+kLMoDVG5rf657RYAkxkCehdHgdkEVmmJ5z33XdzNM8Rb
Cc: Adam Langley <agl@imperialviolet.org>
Subject: Re: [dane] Behavior in the face of no answer?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 May 2012 15:38:14 -0000

On 4 May 2012 10:42, Nicholas Weaver <nweaver@icsi.berkeley.edu> wrote:
> So here's my proposal: Actually check the network for b0rkenness!
>
> The browser, on startup, or when the local IP address changes, conducts the following test:
>
> It checks, using three known sites with TLSA records (provided by the browser vendor, with deliberate redundancy to prevent a TLD outage from being a problem), to see if it can receive and validate a TLSA record using DNSSEC for at least one of the three sites.

I don't think will actually help anything.  The attacker will just
block ALL TLSA records, not just for the target site he intends to
MITM.



Fail-close vs Fail-open when you can't get the TLSA record is OCSP
hard-fail vs soft-fail all over again.  I'd like Hard fail, but no
matter what we say, no browser will implement it.  If mandating
hard-fail in the spec causes clients to NOT implement DANE (as opposed
to just ignoring the recommendation) - I don't think we should do it.



HOWEVER!  WE HAVE A SOLUTION!  Actually, Chrome has a solution, and it
already works. http://www.imperialviolet.org/2011/06/16/dnssecchrome.html
DNSSEC Stapled Certificates

Put the DNSSEC chain *in the TLS certificate*.  This won't be blocked
by a MITM, and if you receive a self-signed certificate with a valid
TLSA chain in it, it's valid.  The TLSA chain is signed, so it doesn't
matter _how_ you receive it, as long as the signatures all match up.

Now this is a solution to the broader problem of delivering the TLSA
record to the client for verification, it's not a solution to
hard-fail vs soft-fail for TLSA queries. (I already gave my opinion on
that.)  And it's clear that this solution should not go into this RFC,
and that we need to either:

 - recommend soft-fail (bad)
 - recommend hard-fail (potentially bad, if it stops adoption)
 - punt, and let everyone do what they're going to do already: soft-fail

But this idea, which I think could turn into a RFC fairly easily, get
implemented in browsers in relatively short order, and get implemented
in webservers in considerably longer order - can solve the general
problem.

-tom