Re: [dane] DANE Testing

Viktor Dukhovni <> Fri, 21 February 2014 21:38 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 83B311A0135 for <>; Fri, 21 Feb 2014 13:38:28 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.001
X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[BAYES_20=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id cepA8ziFoRNs for <>; Fri, 21 Feb 2014 13:38:26 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 0585D1A028F for <>; Fri, 21 Feb 2014 13:38:25 -0800 (PST)
Received: by (Postfix, from userid 1034) id B5D5D2AB25A; Fri, 21 Feb 2014 21:38:19 +0000 (UTC)
Date: Fri, 21 Feb 2014 21:38:19 +0000
From: Viktor Dukhovni <>
Message-ID: <>
References: <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dane] DANE Testing
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 21 Feb 2014 21:38:28 -0000

On Fri, Feb 21, 2014 at 03:19:10PM -0500, Stephen Nightingale wrote:

> It is now possible to test from both TLSlite based and GnuTLS based
> clients.

The GnuTLS DANE implementation does not implement DANE-TA(2) or
correctly.  It may also IIRC not do PKIX-TA(0) right either.  The
issue is that the TA is incorrectly constrained to be the immediate
issuer of the leaf certificate.  There may be other problems, I
did not perform a comprehensive code review.

So results from GnuTLS DANE verification can be misleading.

> A golden, canonical CA list would be nice to find. But I guess that its
> non-universal availability is one of the problems of the CA system
> that DANE is aiming squarely at.

There is no such beast.  A form of Goedel's incompleteness theorem
applies: any list of CAs is either incomplete or untrustworthy (or

> The differences between TLSlite and GnuTLS clients highlight the
> fact that there are unresolved interoperability issues among TLS
> implementations.

Default configurations of GnuTLS typically enforce unreasonable
minimum sizes on EDH primes.  Applications have to work around
these with policy overrides.

> I look forward to seeing the newly upgraded OpenSSL
> client with added DANE.  It is quite possible that as an interim step
> before its appearance I will add this DANE-in-the-App implementation
> to pyOpenSSL and/or Twisted.

Such a project should not be undertaken lightly, it is too easy to
get it wrong.

> If you find any glaring errors, I will be embarrassed but thankful.
> If you find any subtle errors I will be impressed and thankful.

A code review is required to rule out subtle errors, glaring errors
may show up in tests if the test bed is sufficiently comprehensive.