IETF Logo Mail Archive

Re: [dane] Draft for serializing DNSSEC chains

Eric Osterweil <eosterweil@verisign.com> Thu, 07 July 2011 20:36 UTC

Return-Path: <eosterweil@verisign.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 563BB11E809E for <dane@ietfa.amsl.com>; Thu, 7 Jul 2011 13:36:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.399
X-Spam-Level:
X-Spam-Status: No, score=-6.399 tagged_above=-999 required=5 tests=[AWL=0.199, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id N1bgxvx6F1QM for <dane@ietfa.amsl.com>; Thu, 7 Jul 2011 13:36:34 -0700 (PDT)
Received: from exprod6og101.obsmtp.com (exprod6og101.obsmtp.com [64.18.1.181]) by ietfa.amsl.com (Postfix) with ESMTP id A38D511E807C for <dane@ietf.org>; Thu, 7 Jul 2011 13:36:31 -0700 (PDT)
Received: from osprey.verisign.com ([216.168.239.75]) (using TLSv1) by exprod6ob101.postini.com ([64.18.5.12]) with SMTP ID DSNKThYYzV+rckO1lWMTCYJQx5oxgWnXk3C1@postini.com; Thu, 07 Jul 2011 13:36:33 PDT
Received: from dul1wnexcn03.vcorp.ad.vrsn.com (dul1wnexcn03.vcorp.ad.vrsn.com [10.170.12.113]) by osprey.verisign.com (8.13.6/8.13.4) with ESMTP id p67KaSJZ026513; Thu, 7 Jul 2011 16:36:28 -0400
Received: from [10.131.30.110] ([10.131.30.110]) by dul1wnexcn03.vcorp.ad.vrsn.com with Microsoft SMTPSVC(6.0.3790.4675); Thu, 7 Jul 2011 16:36:28 -0400
Message-ID: <4E1618C7.7060908@verisign.com>
Date: Thu, 07 Jul 2011 16:36:23 -0400
From: Eric Osterweil <eosterweil@verisign.com>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110624 Thunderbird/5.0
MIME-Version: 1.0
To: mrex@sap.com
References: <201107070137.p671b47i012741@fs4113.wdf.sap.corp>
In-Reply-To: <201107070137.p671b47i012741@fs4113.wdf.sap.corp>
Content-Type: multipart/alternative; boundary="------------010104080700030107050104"
X-OriginalArrivalTime: 07 Jul 2011 20:36:28.0203 (UTC) FILETIME=[8C1167B0:01CC3CE5]
Cc: dane@ietf.org
Subject: Re: [dane] Draft for serializing DNSSEC chains
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Jul 2011 20:36:35 -0000

On 7/6/11 9:37 PM, Martin Rex wrote:
>
> Osterweil, Eric wrote:
> >
> > "Matt McCutchen" <matt@mattmccutchen.net> wrote:
> > >
> > > DNSSEC RRSIGs are properly analogous to OCSP responses; they 
> provide the
> > > same functionality.  (DNSSEC just skipped the intermediate stage of
> > > signed long-term certificates because offline operation was not a 
> goal.)
> > > The motivations and security considerations for DNSSEC chain stapling
> > > are much the same as those for OCSP stapling.
> >
> > Why would you say that?  The two protocols are immensely different 
> and they
> > have much different goals.  Please provide details if you feel this 
> is in
> > err.
>
> I agree with Matt (I hadn't noticed he had already suggested this
> when I wrote my last message).
>
> Processing stapled OCSP responses is similar to processing stapled
> DNSSEC records, although the scope of DANE records is slightly broader
> than OCSP (because it may include issues server endpoint identification).
>
> >
> > > (Which raises another point.  OCSP stapling uses a TLS extension.  
> This
> > > is a more appropriate design than embedding the data in the cert;
> > > additionally, the latter is impossible to do backward-compatibly 
> with a
> > > CA-signed cert.
> >
> > OK, so let's discuss this.  Are you aware of any operational hurdles 
> that
> > may have hampered OCSP (for what it was intended, let alone for 
> something
> > new)?
>
> AFAIK, the original TLS extension was a single OCSP response, and then
> all CAs added intermediate certs so that a single OCSP response was
> no longer sufficient to validate a server certificate.
>
> The proposal for a new TLS extension to carry more than a single
> OCSP reponse is still an internet draft:
> https://datatracker.ietf.org/doc/draft-pettersen-tls-ext-multiple-ocsp/
>

Yes, but are you aware of the _operational_ problems?  Is the 
distinction between design complexity and operational complexity not 
clear?  If so, is anyone else on the list concerned?

>
> >
> > > For DNSSEC chain stapling, embedding is possible.
> > > Chromium may find the ability to use externally automated DNSSEC chain
> > > stapling with existing web servers to be sufficient justification for
> > > choosing the poorer design, but does IETF?)
> >
> > This will lead to disaster, and opens up new attack vectors.
>
> Could you elaborate?  I fail to follow.
>
I think (having restated the same position in multiple different ways 
over the last several days) I have outlined the objection pretty 
clearly.  If you are not clear on them, please re-read my previous 
emails and I can clarify any specific points you don't follow.

>
> The security design of DANE does not have a dependency on the transport
> that is used to convey the signed DNS records.  Neither does OCSP and 
> CRLs.
>
Actually, it very much does.  If operational issues open attack vectors 
(which they will in this case), then I think the security design (by 
definition) has a dependency.  Is the vector still unclear?

Eric

v2.23.0 | Report a Bug | By Email