IETF Logo Mail Archive

Re: [dane] Behavior in the face of no answer?

Warren Kumari <warren@kumari.net> Tue, 15 May 2012 19:32 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E58C721F8866 for <dane@ietfa.amsl.com>; Tue, 15 May 2012 12:32:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -106.046
X-Spam-Level:
X-Spam-Status: No, score=-106.046 tagged_above=-999 required=5 tests=[AWL=0.553, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 73vtJc2+qAe5 for <dane@ietfa.amsl.com>; Tue, 15 May 2012 12:32:09 -0700 (PDT)
Received: from vimes.kumari.net (vimes.kumari.net [198.186.192.250]) by ietfa.amsl.com (Postfix) with ESMTP id 12E3C21F8849 for <dane@ietf.org>; Tue, 15 May 2012 12:32:08 -0700 (PDT)
Received: from [192.168.0.12] (unknown [64.13.52.115]) by vimes.kumari.net (Postfix) with ESMTPSA id 20CC71B402F8; Tue, 15 May 2012 15:32:08 -0400 (EDT)
Mime-Version: 1.0 (Apple Message framework v1257)
Content-Type: text/plain; charset=windows-1252
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <8B30DD88-3AB5-4ED4-BDE6-87E50F60D8D3@vpnc.org>
Date: Tue, 15 May 2012 15:32:44 -0400
Content-Transfer-Encoding: quoted-printable
Message-Id: <A0B2E24D-63C8-4CFB-AA99-4BD65EB76739@kumari.net>
References: <CABcZeBMY26xrfvAx=UsYN2XnuONZ2vPy9tNwHQALudd=yQDvgA@mail.gmail.com> <643D87CD-D01E-47B8-82E5-D3F57D50C80B@vpnc.org> <CABcZeBPCYNV=i5rsNt_QDDE2hY+8Tw4izovAVEFjYc=ESJst+Q@mail.gmail.com> <8B30DD88-3AB5-4ED4-BDE6-87E50F60D8D3@vpnc.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
X-Mailer: Apple Mail (2.1257)
Cc: dane@ietf.org
Subject: Re: [dane] Behavior in the face of no answer?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 May 2012 19:32:10 -0000

On May 15, 2012, at 2:32 PM, Paul Hoffman wrote:

> (Going back a bit in the discussion, using the only wording we have.)

<chair>
Thank you -- and I ask that if folk are unhappy with the current wording they  propose alternate. Simply grumping (and repeating yourself) isn't nearly as effective at communicating what you actually *mean* as providing suitable text...
</chair> 

> 
> On May 14, 2012, at 7:31 PM, Eric Rescorla wrote:
> 
>> On Mon, May 14, 2012 at 7:12 PM, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
>>> There doesn't seem to be convergence here, and the WG chairs and AD have asked the authors to propose wording that might bring consensus. The following text may be insufficient, but it's the best I can do at the moment, and if it isn't good enough, having you propose specific changes may be helpful.
>>> 
>>> This proposed text tries to pull together:
>>> 
>>> - Ekr's security analysis
>>> 
>>> - The desire for a MUST that is likely to be deployed, not ignored
>>> 
>>> - Acknowledgement that if the user doesn't know TLSA is being used, they are not losing anything from the attack
>>> 
>>> (And, yes, I think that the chairs should be doing this bit instead of Jakob and I. Oh, well.)
>>> 
>>> An attacker who is able to divert a user to a server under his control is also
>>> likely to be able to block DNS requests from the user or DNS responses being
>>> sent to the user. Thus, in order to achieve any security benefit from
>>> certificate usage 0 or 1, an application that sends a request for TLSA records
>>> needs to get either a valid signed response containing TLSA records or
>>> verification that the domain is insecure or indeterminate. If a request for a
>>> TLSA record does not meet one of those two criteria but the application
>>> continues with the TLS handshake anyway, the application has gotten no benefit
>>> from TLSA and should not make any internal or external indication that TLSA
>>> was applied.
>> 
>> I think this is generally fine, modulo Stephen's concerns about types 2 and 3,
>> which I haven't worked through yet.
> 
> Nor have I, but at least we're sure that we agree on 0 and 1.
> 
>>> If an application has any indication that TLSA is in use (such as
>>> through a configuration setting), that application MUST not start a TLS
>>> connection or abort a TLS handshake if either of the two criteria above are
>>> not met.
>> 
>> I feel like this is confusing. There are two senses in which TLSA might
>> be "in use". (1) The application is trying to retrieve it. (2) The DNS server
>> is serving it. We're clearly in the first case, and it's the second which
>> is unknown to us b/c under control of the attacker. Perhaps you
>> mean to say "Applicaions SHOULD offer a setting to allow users to
>> set strict TLSA checking, in which case..."
> 
> I don't think people have been talking about suggesting that the application let the user choose between strict and not-strict; I think most people here are against that.

This may be my fault -- a long time back (in this thread) I proposed having implmentations  default to not-strict and then, in a few years (once there is less DNSSEC breakage by CPE, etc), vendors would turn the knob to strict mode. Educated / security concious users would also be able to turn the knob if they so  desired.

This was just an idea, and perhaps a bad one!


> But I agree that the sentence is confusing because it makes "configuration setting" a subset of TLSA indication. Instead of that sentence, I propose:
> 
> If an application has a configuration setting for turning on TLSA use,
> or has any indication that TLSA is in use (regardless of whether or not
> this is configurable), that application MUST not start a TLS
> connection or abort a TLS handshake if either of the two criteria above are
> not met.
> 
> This does not say "and you might have hard failure configurable", but instead says "if the user might think that TLSA is in use, you have to hard fail if they are not getting the security that they might expect".

This sounds good to me, but what does the user do in this case?  Simply remove the s from https:// (assuming a browser)? Do we need to mention anything, or leave this up to the application? There is already stuff like HSTS / web sec, etc for this…

Yes, I should be proposing text here, but I'm not really taking a stand, rather trying to get feedback...

W
> 
> --Paul Hoffman
> 
> _______________________________________________
> dane mailing list
> dane@ietf.org
> https://www.ietf.org/mailman/listinfo/dane
>

v2.8.7 | Report a Bug | By Email