IETF Logo Mail Archive

Re: [dane] RPK use-case high level problem statement

John Gilmore <gnu@toad.com> Fri, 06 June 2014 02:13 UTC

Return-Path: <gnu@toad.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3044D1A03B6 for <dane@ietfa.amsl.com>; Thu, 5 Jun 2014 19:13:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.102
X-Spam-Level:
X-Spam-Status: No, score=-1.102 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_BRBL_LASTEXT=1.449, RP_MATCHES_RCVD=-0.651] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wVcWv0eoOyNb for <dane@ietfa.amsl.com>; Thu, 5 Jun 2014 19:13:31 -0700 (PDT)
Received: from new.toad.com (new.toad.com [209.237.225.253]) (using TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5656C1A03B5 for <dane@ietf.org>; Thu, 5 Jun 2014 19:13:31 -0700 (PDT)
Received: from new.toad.com (localhost.localdomain [127.0.0.1]) by new.toad.com (8.12.9/8.12.9) with ESMTP id s562DOBT022813 for <dane@ietf.org>; Thu, 5 Jun 2014 19:13:24 -0700
Message-Id: <201406060213.s562DOBT022813@new.toad.com>
To: dane@ietf.org
In-reply-to: <20140605235915.GR27883@mournblade.imrryr.org>
References: <20140605235915.GR27883@mournblade.imrryr.org>
Comments: In-reply-to Viktor Dukhovni <viktor1dane@dukhovni.org> message dated "Thu, 05 Jun 2014 23:59:16 -0000."
Date: Thu, 05 Jun 2014 19:13:24 -0700
From: John Gilmore <gnu@toad.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/dane/srGavItSr5Lcdv4m5oqXc1mkT-M
Subject: Re: [dane] RPK use-case high level problem statement
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane/>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Jun 2014 02:13:32 -0000

> Perhaps we can at least agree on the high-level problem statement:
> 
>     1. Some clients will support both X.509 and RPK TLS handshakes,
>        and will opportunistically negotiate RPK as an optimization.

Agreed.

>     2. Some subset of those clients with use DANE authentication to
>        authenticate whichever of X.509 or RPK is negotiated.

Agreed (s/with/will/).

>     3. Some subset of servers will have TLSA RRsets during transition
>        states, not currently defined as "misconfigured", such that
>        X.509 DANE TLSA authentication works, but RPK DANE TLSA
>        authentication fails, because the RPK-compatible TLSA RRs
>        match only past or future keys.

I do not agree with this and am still awaiting a communication from
you about why you think this will occur.  Normally, key transitions
are done by moving from publishing "current" keys, to "current/future"
keys by adding the future keys.  Those then become "past/current" keys
when the server's key itself changes, and then are moved to "current"
keys by dropping the past keys.

At no point do the TLSA records in a key rollover include only
"past/future" keys.  TLS would fail if they did so.

>     4. Somebody (client, server or both) should do something to avoid
>        unnecessary application failure under the above conditions.

Disagree, based on not seeing why 3 is anything but a mistake made
by naive or unskilled administrators.

>     5. We should probably write-up the potential problem cases,
>        and spell out client and server responsibilities and strategies
>        to avoid the problem cases.  Either client is conservative
>        and avoids opportunistic RPK, or server avoids publishing
>        potentially problematic RRsets or both.  We should probably
>        not recommend "retries" see [Footnote], but for some clients
>        retries might be a viable strategy.

I thought we had already done that by explaining in detail how to do
key rollovers.  See Appendix A.4 of RFC 6698.  If you try to change 
keys and you do it wrong, your service will become inaccessible.  The
cure is to do it right, not to contort the protocol.

PS- you do the same rollover process when changing the "A" record of
your server.  This is not specific to TLSA, DANE, DNSSEC, or RPK.
Would you argue that the protocol should somehow accommodate
administrators who, while trying to change their A record from 1.2.3.4
to 5.6.7.8, somehow foolishly publish 1.2.3.4 and 9.10.11.12?  Of
course when the server at 1.2.3.4 goes down, all attempts to connect
will be broken.  The server at 5.6.7.8 will be sitting there ready,
but nobody will connect to it.  There is no recovery until the "A"
records are corrected.  The TLSA situation is directly analogous.

	John

v2.23.0 | Report a Bug | By Email