Re: [dane] Lukewarm discussion: DANE for opportunistic TLS protocols

Nicholas Weaver <> Fri, 21 February 2014 15:01 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id B3A3E1A0179 for <>; Fri, 21 Feb 2014 07:01:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.449
X-Spam-Status: No, score=-2.449 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.548, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qvtLrJcpR1CZ for <>; Fri, 21 Feb 2014 07:01:23 -0800 (PST)
Received: from rock.ICSI.Berkeley.EDU (rock.ICSI.Berkeley.EDU []) by (Postfix) with ESMTP id DE5D41A0172 for <>; Fri, 21 Feb 2014 07:01:22 -0800 (PST)
Received: from localhost (localhost.localdomain []) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 3B4BE2C402A; Fri, 21 Feb 2014 07:01:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at ICSI.Berkeley.EDU
Received: from rock.ICSI.Berkeley.EDU ([]) by localhost (maihub.ICSI.Berkeley.EDU []) (amavisd-new, port 10024) with LMTP id L767yMibcsDL; Fri, 21 Feb 2014 07:01:16 -0800 (PST)
Received: from ( []) (Authenticated sender: nweaver) by rock.ICSI.Berkeley.EDU (Postfix) with ESMTP id 90A8E2C400A; Fri, 21 Feb 2014 07:01:16 -0800 (PST)
Content-Type: multipart/signed; boundary="Apple-Mail=_BDCABE8E-3F0B-4FCF-ADBF-F8426A820BF9"; protocol="application/pgp-signature"; micalg=pgp-sha512
Mime-Version: 1.0 (Mac OS X Mail 7.1 \(1827\))
From: Nicholas Weaver <>
In-Reply-To: <>
Date: Fri, 21 Feb 2014 07:01:16 -0800
Message-Id: <>
References: <> <> <> <>
To: Phillip Hallam-Baker <>
X-Mailer: Apple Mail (2.1827)
Cc: Paul Hoffman <>, "<>" <>
Subject: Re: [dane] Lukewarm discussion: DANE for opportunistic TLS protocols
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DNS-based Authentication of Named Entities <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 21 Feb 2014 15:01:24 -0000

On Feb 21, 2014, at 6:42 AM, Phillip Hallam-Baker <> wrote:
> DANE has a last mile problem because you can't know if the DNSSEC record has been stripped out by an attacker or by some local network firewall.

The client can know.  It starts by asking for DNSKEY for ., etc.  Because you have NSEC/NSEC3 provable denial of existence, you can know if DNSSEC records are being stripped.

In particular, the problem for this tends to be internet cafes and the like.  Home networks tend to be atrocious on the DNS proxies, but the client can usually go around them and get things directly.  Business network firewalls may restrict client DNS, but they usually operate properly and the recursive resolver itself supports DNSSEC.

Its the net cafes, hotels, etc (basically, anything with a captive portal) which combines both a crappy DNS proxy AND DNS access restrictions that is the problem.

> The way to cut the Gordian knot here is to provide an efficient way to retrieve all the information necessary to set up a request in one lookup. That solves the last mile problem and the multiple lookup problem at the same time.

Agreed, with a minor caveat.  

The only disadvantage is that on the server side you need to get this data fairly frequently, since the timeout may be fast (first expiring RRSIG on the chain of validation from . to the DANE record), which means the very rarely updating certificate store model common to web servers isn't appropriate, but that's no real-big-deal.

Nicholas Weaver                  it is a tale, told by an idiot,                full of sound and fury,
510-666-2903                                 .signifying nothing