Re: [dane] Behavior in the face of no answer?

Eric Rescorla <ekr@rtfm.com> Tue, 15 May 2012 20:25 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D6DBB21F86CA for <dane@ietfa.amsl.com>; Tue, 15 May 2012 13:25:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.977
X-Spam-Level:
X-Spam-Status: No, score=-102.977 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YQjImnDSI7U6 for <dane@ietfa.amsl.com>; Tue, 15 May 2012 13:25:29 -0700 (PDT)
Received: from mail-vb0-f44.google.com (mail-vb0-f44.google.com [209.85.212.44]) by ietfa.amsl.com (Postfix) with ESMTP id 3891021F8829 for <dane@ietf.org>; Tue, 15 May 2012 13:25:29 -0700 (PDT)
Received: by vbbez10 with SMTP id ez10so4185vbb.31 for <dane@ietf.org>; Tue, 15 May 2012 13:25:28 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-originating-ip:in-reply-to:references:from:date :message-id:subject:to:cc:content-type:content-transfer-encoding :x-gm-message-state; bh=TRH7YOh4cqvndSXDqIQyQm5hwbJNUc+q97LXWXNKDqk=; b=N+96mUBTaurgp6cdAbnpmXO+iYL1NRZXCEVWSXvSZK4eAvTVItaaEvVtYNG6x9htx8 ylZPDNXKTdc4r3YALyEqBTMR7bKd6yi9SZH5C3o9mnMO+SdFK9HXoEij5B7kziiyGI2/ uPBi9dynM4JD+oA8Ok6mbVodN478PGiLs1KLHmfDJ3WZMMaQhNw2/cpRD2zkxqMeB7ig f0vjjssRP7rB0WlTVqwjjIQVBntjFGFohhDMdcHZQv3c0XqSEpovKw02b/F0Cnf+NJj/ Y6B/gVs/xgbbXwa3pKfRy2smEt6222GFK/a1E/qhLWBVqSSbGMS/ggJF+gbkcyKy5aK+ J9UQ==
Received: by 10.220.150.148 with SMTP id y20mr243478vcv.26.1337113528594; Tue, 15 May 2012 13:25:28 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.35.209 with HTTP; Tue, 15 May 2012 13:24:48 -0700 (PDT)
X-Originating-IP: [63.245.220.224]
In-Reply-To: <201205152008.q4FK8rAx001987@fs4113.wdf.sap.corp>
References: <CABcZeBMgQR9kLn50fVxx8_kihr5ZvZ8PnhEoHbo9=25ZcQeoKw@mail.gmail.com> <201205152008.q4FK8rAx001987@fs4113.wdf.sap.corp>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 15 May 2012 13:24:48 -0700
Message-ID: <CABcZeBMNXpvOdeX_Nz6t8JNtws88CJuZyzptqjGmYpbfkt5d=Q@mail.gmail.com>
To: mrex@sap.com
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: ALoCoQklH032+8HjNrsZZqOdD/fVHmhTZ3I8JgktvP3e09lznEj4E/gA6T5JzS2I7MFxNIHVKf3M
Cc: paul.hoffman@vpnc.org, dane@ietf.org
Subject: Re: [dane] Behavior in the face of no answer?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 20:25:29 -0000

On Tue, May 15, 2012 at 1:08 PM, Martin Rex <mrex@sap.com> wrote:
> Eric Rescorla wrote:
>>
>> On Tue, May 15, 2012 at 10:04 AM, Martin Rex <mrex@sap.com> wrote:
>> > Eric Rescorla wrote:
>> >>
>> >> On Tue, May 15, 2012 at 9:52 AM, Martin Rex <mrex@sap.com> wrote:
>> >> > And as a fallback, browsers could use a TLSA & server-cert lock, i.e.
>> >> > memorizing information from the last visit of a site and using that
>> >> > to perform server endpoint identification in case that DNSSEC lookups
>> >> > fail when roaming.
>> >>
>> >> At which point it's hard to understand how this is better than cert pinning
>> >> via HSTS.
>> >
>> > Such a TLSA & server-cert lock is supposed to be transient substitute for
>> > the lack of DNSSEC connectivity.  That memorized information will need
>> > to be updated whenever full DNSSEC connectivity is available.
>>
>> And the HSTS information can be updated whenever you go to the server.
>
> But the HSTS has a clear hen-and-edd problem:  You can _only_ get updates
> when the verification based on the previous information is still possible,
> otherwise your browser will not establish the communication channel that
> is a pre-requisite to obtain the updated information.
>
> To me it looks like it will be pretty easy to lock yourself out, since
> you have no influence about how frequently the client accesses a site.

1. The pins expire, so you advertise both old and new pins (but continue
to use the old key) until all old pins have expired.
2. There are techniques for breaking the pin.

I'm not suggesting that this draft is perfect, but really these are
fairly obvious
objections that have been discussed extensively in websec.

-Ekr