Re: [dane] Digest Algorithm Agility discussion
Viktor Dukhovni <viktor1dane@dukhovni.org> Mon, 17 March 2014 15:51 UTC
Return-Path: <viktor1dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E4AA51A01ED for <dane@ietfa.amsl.com>; Mon, 17 Mar 2014 08:51:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 27Hro6hUFEuk for <dane@ietfa.amsl.com>; Mon, 17 Mar 2014 08:50:58 -0700 (PDT)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) by ietfa.amsl.com (Postfix) with ESMTP id 4A0861A01BE for <dane@ietf.org>; Mon, 17 Mar 2014 08:50:58 -0700 (PDT)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 0C4CB2AADF5; Mon, 17 Mar 2014 15:50:50 +0000 (UTC)
Date: Mon, 17 Mar 2014 15:50:49 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20140317155049.GB24183@mournblade.imrryr.org>
References: <20140315051704.GY21390@mournblade.imrryr.org> <alpine.LFD.2.10.1403171115580.32251@bofh.nohats.ca>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <alpine.LFD.2.10.1403171115580.32251@bofh.nohats.ca>
User-Agent: Mutt/1.5.23 (2014-03-12)
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/fBhmhVFaykWViLK9FbzNoymKcWc
Subject: Re: [dane] Digest Algorithm Agility discussion
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 17 Mar 2014 15:51:01 -0000
On Mon, Mar 17, 2014 at 11:26:58AM -0400, Paul Wouters wrote: > On Sat, 15 Mar 2014, Viktor Dukhovni wrote: > > >Goal: > > > > * It should be possible for servers to publish TLSA records > > employing multiple digest algorithms allowing clients to > > choose the best mutually supported digest. > > Isn't that already possible? Not based on RFC 6698 alone. With RFC 6698 the client trusts all TLSA records whether "weak" and "strong". > > * The client SHOULD employ digest algorithm agility by ignoring > > all but the strongest non-zero digest for each usage/selector > > combination. Note, records with matching type zero play no > > role in digest algorithm agility. > > I don't think that is a proper assumption. For example, a zone might > need to publish a GOST based digest for legal reasons (eg not trusting > US based digests) but might publish a FIPS approved digest for other > people. The client has a more complicated reduction scheme going on > for their local policy than "strongest". I am not *assuming* anything. We defined required client and server behaviour which, if consistently applied by all parties, makes algorithm agility possible. The client decides which digest to use. So long as the server publishes each object (certificate or public key) with the same set of digests as all other objects (i.e. the TLSA RRset is a "cross product" of the desired objects and digest algorithms) no information is lost when the client chooses just a single digest and ignores the rest. > Traditionally, for instance with the DS record, we allow publishing > multiple digests, and the client's task is just to find one which is > "acceptable". It would be nice if it starts with what it believes is > the "strongest". My proposal is essentially the same. The client uses the strongest acceptable digest algorithm. The *client* decides what "strongest" means. It never chooses an unsupported algorithm. > If a certain digest is so weak it is basically broken, it should not be > left in a published TLSA record. Weak digests (say SHA2-256 if/when broken) cannot be easily removed from RRsets until all clients support stronger ones. The idea is to publish stronger digests and deploy stronger clients, then remove weak digests later. Stronger clients will never use the published weak records. Otherwise there's an Internet-wide flag-day. > If the most prefered TLSA record fails validation, the client should try > another TLSA record. This works poorly. While the weak algorithm is being phased out (years) even clients that support stronger algorithms are at risk. > The order in which is does so could be written down > in the RFC if we think there is one true way of doing so. The order is irrelevant. Eventually some record matches. It is immaterial whether it is "first" or "last". > This also gives the server admin some more protection. If they publish > digests using SHA2-256 and SHA1, and it turns out their tool generates > bad SHA2-256, than the clients still have a valid SHA1 to fall back to. They could also publish a bogus CU or selector, or mess up in many other ways. I don't think that the intent of multiple algorithms in 6698 is to mask bogus data. > Perhaps there is text in the DS record RFC to look at that describes > this better than I just did. Perhaps Wes can chime in. His comment to me was that the proposed DAA (digest algorithm agility) is essentially the only possible and largely analogous to the DNSSEC approach. -- Viktor.
- [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Paul Wouters
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Paul Hoffman
- Re: [dane] Digest Algorithm Agility discussion Paul Wouters
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Paul Hoffman
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Paul Wouters
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Paul Hoffman
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Martin Rex
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Mark Andrews
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion (c… Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Jim Schaad
- Re: [dane] Digest Algorithm Agility discussion (c… Paul Hoffman
- Re: [dane] Digest Algorithm Agility discussion (c… Andrew Sullivan
- Re: [dane] Digest Algorithm Agility discussion (c… Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion (c… Scott Rose
- Re: [dane] Digest Algorithm Agility discussion (c… Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion (c… Scott Rose
- Re: [dane] Digest Algorithm Agility discussion Wes Hardaker
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Peter Palfrader
- Re: [dane] Digest Algorithm Agility discussion Mark Andrews
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Mark Andrews
- Re: [dane] Digest Algorithm Agility discussion Peter Palfrader
- Re: [dane] Digest Algorithm Agility discussion Mark Andrews
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Peter Palfrader
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Mark Andrews
- Re: [dane] Digest Algorithm Agility discussion Mark Andrews
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Paul Wouters
- Re: [dane] Digest Algorithm Agility discussion Viktor Dukhovni
- Re: [dane] Digest Algorithm Agility discussion Peter Palfrader
- Re: [dane] Digest Algorithm Agility discussion Wes Hardaker
- Re: [dane] Digest Algorithm Agility discussion Wes Hardaker