Re: [dane] DANE Testing

Stephen Nightingale <night@nist.gov> Fri, 21 February 2014 21:54 UTC

Return-Path: <stephen.nightingale@nist.gov>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E3281A021A for <dane@ietfa.amsl.com>; Fri, 21 Feb 2014 13:54:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.748
X-Spam-Level:
X-Spam-Status: No, score=-4.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.548] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6_wjc-2yIBTv for <dane@ietfa.amsl.com>; Fri, 21 Feb 2014 13:54:14 -0800 (PST)
Received: from wsget2.nist.gov (wsget2.nist.gov [129.6.13.151]) by ietfa.amsl.com (Postfix) with ESMTP id A40AF1A0152 for <dane@ietf.org>; Fri, 21 Feb 2014 13:54:14 -0800 (PST)
Received: from WSXGHUB1.xchange.nist.gov (129.6.18.96) by wsget2.nist.gov (129.6.13.151) with Microsoft SMTP Server (TLS) id 14.3.174.1; Fri, 21 Feb 2014 16:53:58 -0500
Received: from postmark.nist.gov (129.6.16.94) by WSXGHUB1.xchange.nist.gov (129.6.18.96) with Microsoft SMTP Server (TLS) id 8.3.327.1; Fri, 21 Feb 2014 16:54:07 -0500
Received: from [127.0.0.1] (31-140.antd.nist.gov [129.6.140.31]) by postmark.nist.gov (8.13.8/8.13.1) with ESMTP id s1LLs4iK029637 for <dane@ietf.org>; Fri, 21 Feb 2014 16:54:04 -0500
Message-ID: <5307CAFC.1090205@nist.gov>
Date: Fri, 21 Feb 2014 16:54:04 -0500
From: Stephen Nightingale <night@nist.gov>
Organization: NIST
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: <dane@ietf.org>
References: <5307B4BE.9010706@nist.gov> <20140221213819.GV278@mournblade.imrryr.org>
In-Reply-To: <20140221213819.GV278@mournblade.imrryr.org>
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit
X-NIST-MailScanner-Information:
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/PD9x72rsNjz0JX8uAS7khQOJ6CI
Subject: Re: [dane] DANE Testing
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: night@nist.gov
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Feb 2014 21:54:17 -0000

On 2/21/2014 4:38 PM, Viktor Dukhovni wrote:
> On Fri, Feb 21, 2014 at 03:19:10PM -0500, Stephen Nightingale wrote:
>
>> It is now possible to test from both TLSlite based and GnuTLS based
>> clients.
> The GnuTLS DANE implementation does not implement DANE-TA(2) or
> correctly.  It may also IIRC not do PKIX-TA(0) right either.  The
> issue is that the TA is incorrectly constrained to be the immediate
> issuer of the leaf certificate.  There may be other problems, I
> did not perform a comprehensive code review.
>
> So results from GnuTLS DANE verification can be misleading.
I should point out that I am not using GnuTLS idea of DANE verification. 
I'm getting the cert chain passed up and doing my own DANE verification. 
For this purpose I had to modify the python-gnutls-1.2.5 interface to 
GnuTLS, to pass in a certificate chain, since in the download it only 
passes in a single end cert.



>
>> A golden, canonical CA list would be nice to find. But I guess that its
>> non-universal availability is one of the problems of the CA system
>> that DANE is aiming squarely at.
> There is no such beast.  A form of Goedel's incompleteness theorem
> applies: any list of CAs is either incomplete or untrustworthy (or
> both).
>
>> The differences between TLSlite and GnuTLS clients highlight the
>> fact that there are unresolved interoperability issues among TLS
>> implementations.
> Default configurations of GnuTLS typically enforce unreasonable
> minimum sizes on EDH primes.  Applications have to work around
> these with policy overrides.
>
>> I look forward to seeing the newly upgraded OpenSSL
>> client with added DANE.  It is quite possible that as an interim step
>> before its appearance I will add this DANE-in-the-App implementation
>> to pyOpenSSL and/or Twisted.
> Such a project should not be undertaken lightly, it is too easy to
> get it wrong.
>
>> If you find any glaring errors, I will be embarrassed but thankful.
>> If you find any subtle errors I will be impressed and thankful.
> A code review is required to rule out subtle errors, glaring errors
> may show up in tests if the test bed is sufficiently comprehensive.
>