Re: [dane] Digest Algorithm Agility discussion (checkpoint)

Viktor Dukhovni <> Tue, 18 March 2014 14:38 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 17B221A04BC for <>; Tue, 18 Mar 2014 07:38:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Mzrlrw3Qk67R for <>; Tue, 18 Mar 2014 07:38:08 -0700 (PDT)
Received: from ( []) by (Postfix) with ESMTP id 1516D1A04CD for <>; Tue, 18 Mar 2014 07:38:08 -0700 (PDT)
Received: by (Postfix, from userid 1034) id 70CB82AB22D; Tue, 18 Mar 2014 14:37:59 +0000 (UTC)
Date: Tue, 18 Mar 2014 14:37:59 +0000
From: Viktor Dukhovni <>
Message-ID: <>
References: <> <> <> <> <>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <>
User-Agent: Mutt/1.5.23 (2014-03-12)
Subject: Re: [dane] Digest Algorithm Agility discussion (checkpoint)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 18 Mar 2014 14:38:10 -0000

Thanks to everyone who contributed to this point.  My conclusions
so far:

    - Since "local policy" may exclude an arbitrary subset of the
      digest algorithms from consideration, whether the digest
      algorithm employed by clients is as I suggest, or not, server
      operators MUST apply the SAME set of digests to all objects
      published in a TLSA RRset, since otherwise the "visibility"
      of objects in the RRset will be client dependent.

    - Given the above clients either MAY or SHOULD apply the
      algorithm I propose, it provides incremental benefit before
      weaker algorithms are dropped, and reduces risks to servers
      that publish weaker algorithms.

      For example, with opportunistic TLS, client and server
      implementations can safely leave weaker cipher-suites at a
      low priority on their cipher-lists, because these will not be
      chosen when stronger options are available.  When nothing
      better is available, these are at least better than cleartext.

If "local policy" per 6698, includes the possibility of "adaptive
local policy" that depends on the server's TLSA RRset content, then
my proposal is already an implicit MAY per 6698.  I'd like to propose
to elevate it to a SHOULD, while emphasizing the MUST for the server
to publish cross-product TLSA RRsets when employing multiple digests.

Reminder: the proposal is that clients SHOULD apply some local
ranking to the digest algorithms, and only use those records for
each (usage, selector) combination that either have a matching type
of Full(0) or have the best ranking among all digests used with
that (usage, selector).  Clients SHOULD have a way to completely
disable algorithms.