Re: [dane] On the PKIX-TA / PKIX-CA question? [ One week WGLC ]

Viktor Dukhovni <viktor1dane@dukhovni.org> Tue, 10 December 2013 07:34 UTC

Return-Path: <viktor1dane@dukhovni.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 529A81ADEA1 for <dane@ietfa.amsl.com>; Mon, 9 Dec 2013 23:34:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gxp9PE7RNX1T for <dane@ietfa.amsl.com>; Mon, 9 Dec 2013 23:34:08 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [38.117.134.19]) by ietfa.amsl.com (Postfix) with ESMTP id 91AB21ADDAF for <dane@ietf.org>; Mon, 9 Dec 2013 23:34:08 -0800 (PST)
Received: by mournblade.imrryr.org (Postfix, from userid 1034) id 22CF52AB174; Tue, 10 Dec 2013 07:34:03 +0000 (UTC)
Date: Tue, 10 Dec 2013 07:34:03 +0000
From: Viktor Dukhovni <viktor1dane@dukhovni.org>
To: dane@ietf.org
Message-ID: <20131210073402.GA761@mournblade.imrryr.org>
References: <A06891E1-01E0-40CC-A9A2-171CAA39AB79@kumari.net> <20131205175314.GH761@mournblade.imrryr.org> <E78C07CA-B742-43B2-8848-33DEB22A8014@kumari.net> <201312080234.rB82YeoW029387@new.toad.com> <m3y53tg0c3.fsf@carbon.jhcloos.org> <20131209231919.GY761@mournblade.imrryr.org> <4FAF6906-D258-4AB3-B76C-888C35566097@kirei.se>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4FAF6906-D258-4AB3-B76C-888C35566097@kirei.se>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [dane] On the PKIX-TA / PKIX-CA question? [ One week WGLC ]
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: dane@ietf.org
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Dec 2013 07:34:10 -0000

On Tue, Dec 10, 2013 at 08:12:42AM +0100, Jakob Schlyter wrote:

> > [ Usages 0/1 are a blunder, we're continuing to pay the cost of
> >  this blunder. ]
> 
> As the author of 6698, I don't agree and believe 0/1 are still
> useful as an additional layer of security for traditional PKIX.

You left out the word "theatre" after "security". :-)  I guess time
will tell whether the definition of 0/1 in 6698 is in fact pointless
complexity.  The critical thing now is to drive DNSSEC adoption,
so that DANE becomes viable (or perhaps adoption of both in parallel,
if DANE is the carrot for DNSSEC adoption).

In the mean-time, I have a working, and plausibly correct, be it
not yet extensively tested, general purpose DANE interface for
OpenSSL.  It fully supports all the DANE usages (including the
theatrical ones).  It even supports out-of-band "2 x 0" certificates
and keys and certificates even when these are not in the peer's
TLS chain.

Let's hope that support for DANE verification with OpenSSL will
encourage broader application support for DANE.  With a bit of
luck, someone from the OpenSSL team will volunteer to work with me
to integrate the code into the development tree.

This took just over 1200 lines of commented code.  It should work
with OpenSSL 0.9.8 or newer.  A very recent insight made it possible
to remove the need for signing operations and generation of internal
private keys in the verifier, so it is now about as simple as it
can get.

The usage 2 implementation is radically different from all the
other cases, and accounts for the bulk of the code.  This is why
I am not comfortable with language that suggests that the difference
between 0 and 2 is just like that between 1 and 3.  This is very
far from the truth.
 
-- 
	Viktor.