IETF Logo Mail Archive

Re: [dane] Behavior in the face of no answer?

Paul Hoffman <paul.hoffman@vpnc.org> Tue, 15 May 2012 18:32 UTC

Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 86F5521F8888 for <dane@ietfa.amsl.com>; Tue, 15 May 2012 11:32:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.557
X-Spam-Level:
X-Spam-Status: No, score=-102.557 tagged_above=-999 required=5 tests=[AWL=0.042, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6A-o-eOmTrDx for <dane@ietfa.amsl.com>; Tue, 15 May 2012 11:32:17 -0700 (PDT)
Received: from hoffman.proper.com (IPv6.Hoffman.Proper.COM [IPv6:2605:8e00:100:41::81]) by ietfa.amsl.com (Postfix) with ESMTP id D0F7B21F885C for <dane@ietf.org>; Tue, 15 May 2012 11:32:16 -0700 (PDT)
Received: from [10.20.30.102] (50-0-66-4.dsl.dynamic.fusionbroadband.com [50.0.66.4]) (authenticated bits=0) by hoffman.proper.com (8.14.5/8.14.3) with ESMTP id q4FIWF7H007851 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Tue, 15 May 2012 11:32:16 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
Mime-Version: 1.0 (Apple Message framework v1278)
Content-Type: text/plain; charset=us-ascii
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <CABcZeBPCYNV=i5rsNt_QDDE2hY+8Tw4izovAVEFjYc=ESJst+Q@mail.gmail.com>
Date: Tue, 15 May 2012 11:32:15 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <8B30DD88-3AB5-4ED4-BDE6-87E50F60D8D3@vpnc.org>
References: <CABcZeBMY26xrfvAx=UsYN2XnuONZ2vPy9tNwHQALudd=yQDvgA@mail.gmail.com> <643D87CD-D01E-47B8-82E5-D3F57D50C80B@vpnc.org> <CABcZeBPCYNV=i5rsNt_QDDE2hY+8Tw4izovAVEFjYc=ESJst+Q@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
X-Mailer: Apple Mail (2.1278)
Cc: dane@ietf.org
Subject: Re: [dane] Behavior in the face of no answer?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 18:32:17 -0000

(Going back a bit in the discussion, using the only wording we have.)

On May 14, 2012, at 7:31 PM, Eric Rescorla wrote:

> On Mon, May 14, 2012 at 7:12 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
>> There doesn't seem to be convergence here, and the WG chairs and AD have asked the authors to propose wording that might bring consensus. The following text may be insufficient, but it's the best I can do at the moment, and if it isn't good enough, having you propose specific changes may be helpful.
>> 
>> This proposed text tries to pull together:
>> 
>> - Ekr's security analysis
>> 
>> - The desire for a MUST that is likely to be deployed, not ignored
>> 
>> - Acknowledgement that if the user doesn't know TLSA is being used, they are not losing anything from the attack
>> 
>> (And, yes, I think that the chairs should be doing this bit instead of Jakob and I. Oh, well.)
>> 
>> An attacker who is able to divert a user to a server under his control is also
>> likely to be able to block DNS requests from the user or DNS responses being
>> sent to the user. Thus, in order to achieve any security benefit from
>> certificate usage 0 or 1, an application that sends a request for TLSA records
>> needs to get either a valid signed response containing TLSA records or
>> verification that the domain is insecure or indeterminate. If a request for a
>> TLSA record does not meet one of those two criteria but the application
>> continues with the TLS handshake anyway, the application has gotten no benefit
>> from TLSA and should not make any internal or external indication that TLSA
>> was applied.
> 
> I think this is generally fine, modulo Stephen's concerns about types 2 and 3,
> which I haven't worked through yet.

Nor have I, but at least we're sure that we agree on 0 and 1.

>> If an application has any indication that TLSA is in use (such as
>> through a configuration setting), that application MUST not start a TLS
>> connection or abort a TLS handshake if either of the two criteria above are
>> not met.
> 
> I feel like this is confusing. There are two senses in which TLSA might
> be "in use". (1) The application is trying to retrieve it. (2) The DNS server
> is serving it. We're clearly in the first case, and it's the second which
> is unknown to us b/c under control of the attacker. Perhaps you
> mean to say "Applicaions SHOULD offer a setting to allow users to
> set strict TLSA checking, in which case..."

I don't think people have been talking about suggesting that the application let the user choose between strict and not-strict; I think most people here are against that. But I agree that the sentence is confusing because it makes "configuration setting" a subset of TLSA indication. Instead of that sentence, I propose:

If an application has a configuration setting for turning on TLSA use,
or has any indication that TLSA is in use (regardless of whether or not
this is configurable), that application MUST not start a TLS
connection or abort a TLS handshake if either of the two criteria above are
not met.

This does not say "and you might have hard failure configurable", but instead says "if the user might think that TLSA is in use, you have to hard fail if they are not getting the security that they might expect".

--Paul Hoffman

v2.8.7 | Report a Bug | By Email