Re: [dane] Digest algorithm agility (possible discussion topic for: Informal lunch meeting in Vancouver on Thursday)

Viktor Dukhovni <viktor1dane@dukhovni.org> Fri, 15 November 2013 06:55 UTC

Message-ID: <20131115065518.GM761@mournblade.imrryr.org>
References: <68F7E418-B6F1-46C2-9344-00BB6102D940@vpnc.org> <20131104223219.GP2976@mournblade.imrryr.org> <1383702043.26498.20.camel@localhost> <20131115054504.GK761@mournblade.imrryr.org>
In-Reply-To: <20131115054504.GK761@mournblade.imrryr.org>

On Fri, Nov 15, 2013 at 05:45:04AM +0000, Viktor Dukhovni wrote:

> Basically, when all the RRs for a particular mtype (that would otherwise
> be considered strongest present) are a-priori unusable due to malformed
> data, we can't be sure whether even the "selector" and "mtype" are valid,
> after all the record is junk.  So it seems reasonable to not impute any
> meaning to such a record's meta-data in the face of broken data.

A closer reading of 6698 seems to support the above:

	https://tools.ietf.org/html/rfc6698#appendix-B.2

before any processing of the TLSA RRset, we see:

   for each R in TLSArecords {
     // unusable records include unknown certUsage, unknown
     // selectorType, unknown matchingType, erroneous RDATA, and
     // prohibited by local policy
     if (R is unusable) {
       remove R from TLSArecords
     }
   }

with supporting language in https://tools.ietf.org/html/rfc6698#section-4.1

   If a certificate association contains a certificate usage, selector,
   or matching type that is not understood by the TLS client, that
   certificate association MUST be considered unusable.  If the
   comparison data for a certificate is malformed, the certificate
   association MUST be considered unusable.

so certainly the malformed "X Y 0" cases are explicitly out of
scope, and I think so are the cases where the digest length is
absurd.

So if the rest of the digest agility proposal is acceptable, the
semantics of unusable records in this case are perhaps already
defined the way I thought most natural.

-- 
	Viktor.
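The Appendix B.2 pre-filter and the "strongest present mtype" selection discussed in this thread, as an added Python example that is neither the thread's nor RFC 6698's own code. The tuple layout, the expected digest lengths for matching types 1 and 2, and ranking SHA-512 above SHA-256 are assumptions made for the illustration.

```python
# Added example: RFC 6698 "unusable record" removal, then a per-(usage, selector)
# strongest-digest selection. Malformed RRs are dropped before the strongest
# present mtype is computed, so a junk "3 1 2" record cannot set the bar.
from collections import defaultdict

KNOWN_USAGES = {0, 1, 2, 3}      # PKIX-TA, PKIX-EE, DANE-TA, DANE-EE
KNOWN_SELECTORS = {0, 1}         # Cert, SPKI
DIGEST_LEN = {1: 32, 2: 64}      # assumed: mtype 1 = SHA-256, mtype 2 = SHA-512

def is_unusable(rr):
    """RFC 6698 section 4.1: unknown usage/selector/mtype or malformed data."""
    usage, selector, mtype, data = rr
    if usage not in KNOWN_USAGES or selector not in KNOWN_SELECTORS:
        return True
    if mtype == 0:
        return len(data) == 0                 # full cert/SPKI must be present
    if mtype not in DIGEST_LEN:
        return True
    return len(data) != DIGEST_LEN[mtype]     # "absurd" digest length is junk

def usable_records(rrset):
    """Appendix B.2 pre-processing: remove unusable RRs before anything else."""
    return [rr for rr in rrset if not is_unusable(rr)]

def strongest_present(rrset):
    """Per (usage, selector), keep only RRs whose mtype is the strongest digest
    present; mtype 0 (full data) is passed through. Assumes numerically higher
    digest mtype means stronger (2 = SHA-512 over 1 = SHA-256)."""
    groups = defaultdict(list)
    for rr in usable_records(rrset):
        groups[(rr[0], rr[1])].append(rr)
    kept = []
    for rrs in groups.values():
        digests = [rr[2] for rr in rrs if rr[2] != 0]
        best = max(digests) if digests else None
        kept.extend(rr for rr in rrs if rr[2] == 0 or rr[2] == best)
    return kept

# Constructed sample RRset: two well-formed SHA-256 records, one "3 1 2"
# record carrying a 4-octet "digest", and one record with an unknown mtype.
SAMPLE = [
    (3, 1, 1, b"\x11" * 32),
    (3, 1, 1, b"\x22" * 32),
    (3, 1, 2, b"\xde\xad\xbe\xef"),   # SHA-512 mtype, absurd length
    (3, 1, 9, b"\x33" * 32),          # unknown matching type
]
```

With the malformed SHA-512 record discarded first, both SHA-256 records survive; add a well-formed SHA-512 record and only it is kept.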