Re: [dane] DANE Testing

Stephen Nightingale <> Fri, 21 February 2014 21:54 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 0E3281A021A for <>; Fri, 21 Feb 2014 13:54:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.748
X-Spam-Status: No, score=-4.748 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.548] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 6_wjc-2yIBTv for <>; Fri, 21 Feb 2014 13:54:14 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id A40AF1A0152 for <>; Fri, 21 Feb 2014 13:54:14 -0800 (PST)
Received: from ( by ( with Microsoft SMTP Server (TLS) id; Fri, 21 Feb 2014 16:53:58 -0500
Received: from ( by ( with Microsoft SMTP Server (TLS) id 8.3.327.1; Fri, 21 Feb 2014 16:54:07 -0500
Received: from [] ( []) by (8.13.8/8.13.1) with ESMTP id s1LLs4iK029637 for <>; Fri, 21 Feb 2014 16:54:04 -0500
Message-ID: <>
Date: Fri, 21 Feb 2014 16:54:04 -0500
From: Stephen Nightingale <>
Organization: NIST
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0
MIME-Version: 1.0
To: <>
References: <> <>
In-Reply-To: <>
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: [dane] DANE Testing
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 21 Feb 2014 21:54:17 -0000

On 2/21/2014 4:38 PM, Viktor Dukhovni wrote:
> On Fri, Feb 21, 2014 at 03:19:10PM -0500, Stephen Nightingale wrote:
>> It is now possible to test from both TLSlite based and GnuTLS based
>> clients.
> The GnuTLS DANE implementation does not implement DANE-TA(2) or
> correctly.  It may also IIRC not do PKIX-TA(0) right either.  The
> issue is that the TA is incorrectly constrained to be the immediate
> issuer of the leaf certificate.  There may be other problems, I
> did not perform a comprehensive code review.
> So results from GnuTLS DANE verification can be misleading.
I should point out that I am not using GnuTLS idea of DANE verification. 
I'm getting the cert chain passed up and doing my own DANE verification. 
For this purpose I had to modify the python-gnutls-1.2.5 interface to 
GnuTLS, to pass in a certificate chain, since in the download it only 
passes in a single end cert.

>> A golden, canonical CA list would be nice to find. But I guess that its
>> non-universal availability is one of the problems of the CA system
>> that DANE is aiming squarely at.
> There is no such beast.  A form of Goedel's incompleteness theorem
> applies: any list of CAs is either incomplete or untrustworthy (or
> both).
>> The differences between TLSlite and GnuTLS clients highlight the
>> fact that there are unresolved interoperability issues among TLS
>> implementations.
> Default configurations of GnuTLS typically enforce unreasonable
> minimum sizes on EDH primes.  Applications have to work around
> these with policy overrides.
>> I look forward to seeing the newly upgraded OpenSSL
>> client with added DANE.  It is quite possible that as an interim step
>> before its appearance I will add this DANE-in-the-App implementation
>> to pyOpenSSL and/or Twisted.
> Such a project should not be undertaken lightly, it is too easy to
> get it wrong.
>> If you find any glaring errors, I will be embarrassed but thankful.
>> If you find any subtle errors I will be impressed and thankful.
> A code review is required to rule out subtle errors, glaring errors
> may show up in tests if the test bed is sufficiently comprehensive.