Re: [dane] Lukewarm discussion: DANE for opportunistic TLS protocols

Paul Hoffman <> Sat, 15 February 2014 00:48 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 868971A00DE for <>; Fri, 14 Feb 2014 16:48:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.347
X-Spam-Status: No, score=-1.347 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553] autolearn=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id YEW_Q83K5VOQ for <>; Fri, 14 Feb 2014 16:48:39 -0800 (PST)
Received: from (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by (Postfix) with ESMTP id 390A11A00A7 for <>; Fri, 14 Feb 2014 16:48:39 -0800 (PST)
Received: from [] ( []) (authenticated bits=0) by (8.14.8/8.14.7) with ESMTP id s1F0mXVw075903 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO) for <>; Fri, 14 Feb 2014 17:48:34 -0700 (MST) (envelope-from
X-Authentication-Warning: Host [] claimed to be []
Content-Type: text/plain; charset=windows-1252
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Paul Hoffman <>
In-Reply-To: <>
Date: Fri, 14 Feb 2014 16:48:32 -0800
Content-Transfer-Encoding: quoted-printable
Message-Id: <>
References: <> <>
To: "<>" <>
X-Mailer: Apple Mail (2.1827)
Subject: Re: [dane] Lukewarm discussion: DANE for opportunistic TLS protocols
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 15 Feb 2014 00:48:40 -0000

On Feb 14, 2014, at 2:50 PM, James Cloos <> wrote:

> The only real question is whether dane-srv and dane-smtp-with-dane
> should be published as two rfcs or combined into one?
> (I’m leaning towards two, numerically adjacent.)

With all due respect, there are other real questions, much more significant than that one.

One of the biggest questions that needs to be asked is not whether DANE can be used for opportunistic protocols, because of course it can, but whether DANE can be used to determine whether a server at a domain name "should" be speaking TLS at the time that a client tries to connect. Viktor makes a strong case that it does for SMTP. During the early discussions of TLSA, many people thought it should not.

Viktor's view gives us good MITM protection if the DNS channel is not broken and the client knows the DNSSEC status of its query. It also causes messages to be lost if there is an operational problem or even an unexpected mis-match on the crypto desires of the client and server. It also assumes that the person running the DNS server for a name is in active contact with the person operating the SMTP server.

Personally, I don't care about MITM protection if it comes at the cost of getting more organizations to turn on opportunistic crypto. I think DANE still has an important role in that it gives the SMTP server operator a logging capability to see if there is an MITM. Others prefer more protection against MITMs even in the face of preventable communication failures.

And, to be blunt, if we think that Viktor is right about DANE for SMTP, shouldn't DANE for HTTP have the same MITM protection and operational downsides?

--Paul Hoffman