IETF Logo Mail Archive

Re: [dane] Extending TLSA RFC to operate with TLS's new raw public keys

John Gilmore <gnu@toad.com> Fri, 06 June 2014 00:21 UTC

Return-Path: <gnu@toad.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5EC11A036E for <dane@ietfa.amsl.com>; Thu, 5 Jun 2014 17:21:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.102
X-Spam-Level:
X-Spam-Status: No, score=-1.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_BRBL_LASTEXT=1.449, RP_MATCHES_RCVD=-0.651] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hxsqz0XfhOv4 for <dane@ietfa.amsl.com>; Thu, 5 Jun 2014 17:21:52 -0700 (PDT)
Received: from new.toad.com (new.toad.com [209.237.225.253]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D30FE1A0369 for <dane@ietf.org>; Thu, 5 Jun 2014 17:21:52 -0700 (PDT)
Received: from new.toad.com (localhost.localdomain [127.0.0.1]) by new.toad.com (8.12.9/8.12.9) with ESMTP id s560LiBT019821; Thu, 5 Jun 2014 17:21:44 -0700
Message-Id: <201406060021.s560LiBT019821@new.toad.com>
To: Olafur Gudmundsson <ogud@ogud.com>
In-reply-to: <08E92113-6C1F-4BD3-8846-4B117FA1AC1E@ogud.com>
References: <201405290805.s4T85HBT008757@new.toad.com> <08E92113-6C1F-4BD3-8846-4B117FA1AC1E@ogud.com>
Comments: In-reply-to Olafur Gudmundsson <ogud@ogud.com> message dated "Tue, 03 Jun 2014 22:19:20 -0400."
Date: Thu, 05 Jun 2014 17:21:44 -0700
From: John Gilmore <gnu@toad.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/pWZDgfaw2DS8Dn4Q22Gi_SNTC4k
Cc: dane@ietf.org
Subject: Re: [dane] Extending TLSA RFC to operate with TLS's new raw public keys
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2014 00:21:53 -0000

> Sorry for the top posting of our main arguments. 
> RFC7250 has shipped, please do not hold up the publication. 
> We need a quick turnaround to address the issues you identified below. 
> 
> As Wes Hardaker commented in a later message we have an “Dane uses and fixes” document in the
> queue and adding this to it is appropriate. (dane-ops) 

Today I read the dane-ops-03 document.  The latest is from February,
which seems rather old.  Also, it is designed to be a Best Current
Practice, and it does not update the DANE TLSA RFC 6698.

It has been argued by an RFC 6698 co-author that only an RFC which
"Updates: 6698" and goes through "the IETF community" and the DANE WG
can amend the strong statements in RFC 6698 that invalidate any
DANE protocol use that doesn't involve PKIX.  He said:
> Under no circumstances should RFC 6698 be updated in the fashion
> that John suggests below. The IETF community did not have an
> opportunity to review the proposed changes, the draft in question
> never mentioned that it would update RFC 6698, and the DANE WG was
> only informed of this during AUTH48.
>
> The authors could, and should, simply do a short Internet Draft that
> updates RFC 6698. Many / most of us would support that.

The Dane-Ops Draft doesn't meet these criteria.  So, either that
co-author would have to recant his previously expressed stance in
order to resolve the "TLSA for raw public keys" issue in the Dane-Ops
Draft; or else Dane-Ops would have to become a standards-track
protocol spec, not a BCP.  Perhaps if the WG agrees with this
co-author, the only thing is to ignore Dane-Ops and instead write a
new 2-page Internet-Draft.

Also, various people in the DANE WG have different ideas on how to
represent Raw Public Keys (RPKs) in TLSA records, what operational
constraints to put on TLSA records involving RPKs, and even how the
TLS protocol itself should evolve to require retries when using
RPKs. It seems a bit too early to say, "just release RFC 7250, it
won't need any more changes" when these issues have not been resolved,
nor even extensively explored.

I thought that we had consensus that just publishing a "3 1 x" key
would suffice, but it has become clear that others have very different
ideas, including "4 1 x" records, "1 1 x" records, etc.

I think that the real stumbling block here is the attitude that "DANE
is only for PKIX", which some WG participants came in with, which was
embedded into what became the primary DANE RFC (TLSA RFC 6698), and
which some continue to argue for.  Until and unless that attitude
is definitively repudiated by the WG in toto, I suspect that we will
continue to have problems reaching consensus whenever any IETF member
tries to use DNSSEC for a protocol (like Raw Public Keys) that does
not use PKIX certificates.

	John

v2.23.0 | Report a Bug | By Email