Re: [dane] On the PKIX-TA / PKIX-CA question? [ One week WGLC ]

[Viktor Dukhovni <viktor1dane@dukhovni.org>]

On Tue, Dec 10, 2013 at 08:12:42AM +0100, Jakob Schlyter wrote:

> > [ Usages 0/1 are a blunder, we're continuing to pay the cost of
> >  this blunder. ]
> 
> As the author of 6698, I don't agree and believe 0/1 are still
> useful as an additional layer of security for traditional PKIX.

You left out the word "theatre" after "security". :-)  I guess time
will tell whether the definition of 0/1 in 6698 is in fact pointless
complexity.  The critical thing now is to drive DNSSEC adoption,
so that DANE becomes viable (or perhaps adoption of both in parallel,
if DANE is the carrot for DNSSEC adoption).

In the mean-time, I have a working, and plausibly correct, be it
not yet extensively tested, general purpose DANE interface for
OpenSSL.  It fully supports all the DANE usages (including the
theatrical ones).  It even supports out-of-band "2 x 0" certificates
and keys and certificates even when these are not in the peer's
TLS chain.

Let's hope that support for DANE verification with OpenSSL will
encourage broader application support for DANE.  With a bit of
luck, someone from the OpenSSL team will volunteer to work with me
to integrate the code into the development tree.

This took just over 1200 lines of commented code.  It should work
with OpenSSL 0.9.8 or newer.  A very recent insight made it possible
to remove the need for signing operations and generation of internal
private keys in the verifier, so it is now about as simple as it
can get.

The usage 2 implementation is radically different from all the
other cases, and accounts for the bulk of the code.  This is why
I am not comfortable with language that suggests that the difference
between 0 and 2 is just like that between 1 and 3.  This is very
far from the truth.
 
-- 
	Viktor.