IETF Logo Mail Archive

Re: [dane] Digest algorithm agility (possible discussion topic for: Informal lunch meeting in Vancouver on Thursday)

Matt McCutchen <matt@mattmccutchen.net> Fri, 15 November 2013 06:27 UTC

Return-Path: <matt@mattmccutchen.net>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69C2611E8107 for <dane@ietfa.amsl.com>; Thu, 14 Nov 2013 22:27:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kX4ShswhVoXL for <dane@ietfa.amsl.com>; Thu, 14 Nov 2013 22:26:54 -0800 (PST)
Received: from homiemail-a14.g.dreamhost.com (caiajhbdccah.dreamhost.com [208.97.132.207]) by ietfa.amsl.com (Postfix) with ESMTP id 1833211E80F2 for <dane@ietf.org>; Thu, 14 Nov 2013 22:26:54 -0800 (PST)
Received: from homiemail-a14.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a14.g.dreamhost.com (Postfix) with ESMTP id 0FF7E392075 for <dane@ietf.org>; Thu, 14 Nov 2013 22:26:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=mattmccutchen.net; h= message-id:subject:from:to:date:in-reply-to:references :content-type:mime-version:content-transfer-encoding; s= mattmccutchen.net; bh=Rsas1tfuyvIJw7+qgC4XQ517aCM=; b=WW1Qe+pyNn dxyTll/h9sdvGulpXBzKX8G1zHVMh+bLGx6Da2h/C8igkokvLJYXdk56lfmJvQ++ VGYqVRqLvh87LPCGAjbtswtYy24CtxCrH+boqTrWrudSTq8Hnr4dl/XbC3YD8gSs vcqUfv88iT7m+N0eXT3ubM89qrBZ8LB4A=
Received: from [192.168.25.104] (unknown [216.239.55.192]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: matt@mattmccutchen.net) by homiemail-a14.g.dreamhost.com (Postfix) with ESMTPSA id F07A7392070 for <dane@ietf.org>; Thu, 14 Nov 2013 22:26:50 -0800 (PST)
Message-ID: <1384496841.1772.8.camel@localhost>
From: Matt McCutchen <matt@mattmccutchen.net>
To: dane@ietf.org
Date: Thu, 14 Nov 2013 22:27:21 -0800
In-Reply-To: <20131115054504.GK761@mournblade.imrryr.org>
References: <68F7E418-B6F1-46C2-9344-00BB6102D940@vpnc.org> <20131104223219.GP2976@mournblade.imrryr.org> <1383702043.26498.20.camel@localhost> <20131115054504.GK761@mournblade.imrryr.org>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.8.2
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: Re: [dane] Digest algorithm agility (possible discussion topic for: Informal lunch meeting in Vancouver on Thursday)
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 15 Nov 2013 06:27:00 -0000

On Fri, 2013-11-15 at 05:45 +0000, Viktor Dukhovni wrote:
> On Tue, Nov 05, 2013 at 05:40:43PM -0800, Matt McCutchen wrote:
> 
> > > My proposal is as follows:
> > > 
> > > When a TLSA RRset contains multiple RRs of the form:
> > > 
> > >         _<port>._tcp.server.example.com. IN TLSA <U> <S> <M> <D>
> > > 
> > > with the same values of "U" and "S" but different values of the
> > > matching type, a client MAY ignore a "weaker" matching type
> > > (deprecated digest algorithm) when a "stronger" matching type for
> > > the same usage and selector is present.  Which matching types are
> > > considered "weaker" is generally at the client's discretion.
> > 
> > >     - TLSA records that specify multiple certificates or public
> > >       keys for a single (U,S) combination (e.g. multiple trust
> > >       anchors, or multiple EE certificates during key roll-over)
> > >       MUST use the same set of matching types for all of them!
> > > 
> > >       Otherwise, clients may fail to support one of the desired
> > >       certificates, when they choose to support only the RRs with
> > >       the strongest matching type.
> > 
> > I.e., the same solution that is de facto used by DNSSEC DS records
> > (https://www.ietf.org/mail-archive/web/dnsext/current/msg11008.html).
> > 
> > I believe in the need for algorithm agility and proposed three possible
> > solutions including the above during the original design process
> > (https://trac.tools.ietf.org/wg/dane/trac/ticket/22), but got no
> > traction.
> 
> Thanks, yes, so my proposal requires no changes to the DANE RRset,
> rather it requires sensible DNS operator practice.  For each 
> (usage, selector) combination the mapping:
> 
>     "data" -> SET OF mtype for RRs that correspond to "data"
> 
> must be the same for all "data" that use the same (usage, selector).
> I think this is the "Cartesian Product" option in your ticket, but
> the set of mtypes may differ from one (usage, selector) pair to another.

Right.

Sensible as this practice may seem, it's not required by the standard,
which may reduce the likelihood that any given zone administrator will
be willing to follow it.  You may get fewer interoperability failures at
the cost of missing some attacks by having the zone opt into an
algorithm agility scheme by publishing additional RRs.

Matt

v2.23.0 | Report a Bug | By Email