IETF Logo Mail Archive

Re: [dane] Behavior in the face of no answer?

John Gilmore <gnu@toad.com> Wed, 16 May 2012 01:24 UTC

Return-Path: <gnu@toad.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9C69521F86A0 for <dane@ietfa.amsl.com>; Tue, 15 May 2012 18:24:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.349
X-Spam-Level:
X-Spam-Status: No, score=0.349 tagged_above=-999 required=5 tests=[AWL=0.252, BAYES_00=-2.599, RCVD_IN_NJABL_RELAY=2.696]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TUuOxYfmwNDb for <dane@ietfa.amsl.com>; Tue, 15 May 2012 18:24:19 -0700 (PDT)
Received: from new.toad.com (new.toad.com [209.237.225.253]) by ietfa.amsl.com (Postfix) with ESMTP id 0F68C21F863C for <dane@ietf.org>; Tue, 15 May 2012 18:24:19 -0700 (PDT)
Received: from new.toad.com (localhost.localdomain [127.0.0.1]) by new.toad.com (8.12.9/8.12.9) with ESMTP id q4G1OIcF015532; Tue, 15 May 2012 18:24:18 -0700
Message-Id: <201205160124.q4G1OIcF015532@new.toad.com>
To: John Gilmore <gnu@toad.com>
In-reply-to: <201205160116.q4G1GTcF015332@new.toad.com>
References: <CABcZeBMY26xrfvAx=UsYN2XnuONZ2vPy9tNwHQALudd=yQDvgA@mail.gmail.com> <643D87CD-D01E-47B8-82E5-D3F57D50C80B@vpnc.org> <201205160116.q4G1GTcF015332@new.toad.com>
Comments: In-reply-to John Gilmore <gnu@toad.com> message dated "Tue, 15 May 2012 18:16:29 -0700."
Date: Tue, 15 May 2012 18:24:18 -0700
From: John Gilmore <gnu@toad.com>
Cc: Paul Hoffman <paul.hoffman@vpnc.org>, dane@ietf.org
Subject: Re: [dane] Behavior in the face of no answer?
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 May 2012 01:24:19 -0000

> responses being sent to the user.  Thus, in order to achieve any
> security benefit from certificate usage 0 or 1, the protocol requires
> that when DNS responses have not arrived or are not valid, the TLS
> connection must not succeed.

It's easy for a Man in the Middle to subvert cert usage 3 this way
too.  They just issue themselves a cert signed by some subverted
public CA, block your TLSA DNS responses, and then if you proceed with
TLS, you'll accept the key signed by the subverted public CA, since
you never saw the record that says "This server is secured by THIS
PUBLIC KEY RIGHT HERE, and not anything else."

This attack also works against cert usage 2.  Thus I'm not sure why
this proposed graf even mentions cert usages 0 and 1, except perhaps
to remind the PKIX fans among us that proceeding in the face of DNS
blockage causes even their favorite forms of TLSA to be vulnerable.

Thus I'd revise that text (for a security section somewhere) to:

An attacker who is able to divert a user to a server under his control
is also likely to be able to block DNS requests from the user or DNS
responses being sent to the user.  Thus, in order to achieve any
security benefit from DANE TLSA, the protocol requires that when DNS
responses have not arrived or are not valid, the TLS connection must
not succeed.

	John

v2.8.7 | Report a Bug | By Email