Re: [dane] RPK use-case high level problem statement
Viktor Dukhovni <viktor1dane@dukhovni.org> Fri, 06 June 2014 14:52 UTC
Return-Path: <viktor1dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 114931A0496 for <dane@ietfa.amsl.com>; Fri, 6 Jun 2014 07:52:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z91PhlILTr3Q for <dane@ietfa.amsl.com>; Fri, 6 Jun 2014 07:52:14 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) (using TLSv1.1 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 73CEE1A049E for <dane@ietf.org>; Fri, 6 Jun 2014 07:52:14 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 25D572AB20C; Fri, 6 Jun 2014 14:52:07 +0000 (UTC)
Date: Fri, 06 Jun 2014 14:52:07 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20140606145207.GW27883@mournblade.imrryr.org>
References: <20140605235915.GR27883@mournblade.imrryr.org> <m3wqcusf31.fsf@carbon.jhcloos.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <m3wqcusf31.fsf@carbon.jhcloos.org>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/L6RtSRq11YZWVU5r1rBp5vDGxeI
Subject: Re: [dane] RPK use-case high level problem statement
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2014 14:52:17 -0000
On Fri, Jun 06, 2014 at 02:54:01AM -0400, James Cloos wrote: > >>>>> "VD" == Viktor Dukhovni <viktor1dane@dukhovni.org> writes: > > VD> 3. Some subset of servers will have TLSA RRsets during transition > VD> states, not currently defined as "misconfigured", such that > VD> X.509 DANE TLSA authentication works, but RPK DANE TLSA > VD> authentication fails, because the RPK-compatible TLSA RRs > VD> match only past or future keys. > > Now I see why/where we disagree. > > In the case where the server's current key cannot be verified by a RPK- > compatible TLSA, and where the server publishes TLSA at all, it is a > mis-configuration to permit the server to negotiate RPK. > > Just because a client sends the RPK extension does not mean that the > server must or will agree. Indeed I was/am expecting some TLS implementations to automatically negotiate RPK and use keys extracted from the leaf certificate (far simpler in mixed environments than configuring separate bare SPKI objects). If RPK only gets enabled: * Toolkit implements RPK, off by default * Application enables RPK support, off by default * Administrator enables RPK (when not in conflict with TLSA, ...) Then it will take quite some time before there's any noticeable RPK deployment even in the presence of DANE TLSA records than can authenticate RPK. The alternative model is: * Toolkit implements RPK, on by default in servers. * Application may be updated to allow disabling of RPK support. * Server administrator publishes "3 1 X" TLSA RRs. * Client sees "pure" "3 1 X" TLSA RRset, enables RPK, and off we go. The extension deploys itself "organically" as implementations are adopted. However, if that's the model, then TLSA RRset transitions need to be managed with care, or clients should be cautious when automaticaly enabling RPK or better yet both. I am planning to *recommend* a server BCP of "make sure each and every U/S/M matches a current keyset" strategy anyway, there are non-RPK reasons to do that anyway. So the question with respect to RPK is whether it is: * The server's responsibility to only enable it while publishing compatible TLSA records (assuming the server publishes TLSA records), leading to much slower RPK deployment, but closing the "mixed TLSA" exposure. OR * The server's responsibility to carefully publish TLSA records in such a way that no U/S/M subset is purely past/future, also closing the exposure. OR * The client's responsibility to be cautious in the face of "mixed" TLSA records. If the consensus is that PRK enablement in server applications needs to be explicit, and it needs to be off by default, then this should I think be published in the new RPK RFC. Toolkit implementors adding server-sie code for the extension need to know that it is not safe to enable by default. > It seems extremely unlikely to me that, as RPK support is added to the > various TLS libraries, that it will be enabled by default. It is vastly > more likely that explicit configuration will be required by any server > software to enable support for RPK. Perhaps even requiring that the > SPKI to be sent to RPK clients be in a file outside of any 509 container, > rather than auto-extracted as needed. I don't want to rely on happy accidents, if it is not spelled out, all bets are off. -- Viktor.
- [dane] RPK use-case high level problem statement Viktor Dukhovni
- Re: [dane] RPK use-case high level problem statem… John Gilmore
- Re: [dane] RPK use-case high level problem statem… Viktor Dukhovni
- Re: [dane] RPK use-case high level problem statem… James Cloos
- Re: [dane] RPK use-case high level problem statem… Simon Arlott
- Re: [dane] RPK use-case high level problem statem… Viktor Dukhovni
- Re: [dane] RPK use-case high level problem statem… James Cloos
- Re: [dane] RPK use-case high level problem statem… Viktor Dukhovni