[keyassure] [dane] #22: Provide the security of the strongest digest supported by both sides
"dane issue tracker" <trac+dane@trac.tools.ietf.org> Mon, 21 March 2011 18:18 UTC
Return-Path: <trac+dane@trac.tools.ietf.org>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 870D528C19B for <keyassure@core3.amsl.com>; Mon, 21 Mar 2011 11:18:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QymGkELdM4Ms for <keyassure@core3.amsl.com>; Mon, 21 Mar 2011 11:18:02 -0700 (PDT)
Received: from zinfandel.tools.ietf.org (unknown [IPv6:2001:1890:1112:1::2a]) by core3.amsl.com (Postfix) with ESMTP id BDC1428C199 for <keyassure@ietf.org>; Mon, 21 Mar 2011 11:18:02 -0700 (PDT)
Received: from localhost ([::1] helo=zinfandel.tools.ietf.org) by zinfandel.tools.ietf.org with esmtp (Exim 4.74) (envelope-from <trac+dane@trac.tools.ietf.org>) id 1Q1jhX-00028A-69; Mon, 21 Mar 2011 11:19:35 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: dane issue tracker <trac+dane@trac.tools.ietf.org>
X-Trac-Version: 0.11.7
Precedence: bulk
Auto-Submitted: auto-generated
X-Mailer: Trac 0.11.7, by Edgewall Software
To: matt@mattmccutchen.net
X-Trac-Project: dane
Date: Mon, 21 Mar 2011 18:19:35 -0000
X-URL: http://tools.ietf.org/dane/
X-Trac-Ticket-URL: http://trac.tools.ietf.org/wg/dane/trac/ticket/22
Message-ID: <061.e0845de87f7a8d8d863b8ef546890255@trac.tools.ietf.org>
X-Trac-Ticket-ID: 22
X-SA-Exim-Connect-IP: ::1
X-SA-Exim-Rcpt-To: matt@mattmccutchen.net, keyassure@ietf.org
X-SA-Exim-Mail-From: trac+dane@trac.tools.ietf.org
X-SA-Exim-Scanned: No (on zinfandel.tools.ietf.org); SAEximRunCond expanded to false
Cc: keyassure@ietf.org
Subject: [keyassure] [dane] #22: Provide the security of the strongest digest supported by both sides
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Mar 2011 18:18:03 -0000
#22: Provide the security of the strongest digest supported by both sides I posit that as a general principle, security protocols that support several alternative algorithms should provide the strength of the strongest algorithm supported by both sides. (TLS generally does this in the absence of active attacks.) For DANE, this principle means that I should be able to publish SHA-256 and SHA-512 digests in such a way that a client that supports SHA-512 gets the strength of SHA-512 and a client that supports only SHA-256 still works. This is not possible under the current design of the TLSA RRset. If I publish SHA-256 and SHA-512 digests, then clients that support SHA-512 will still accept any certificate that matches the SHA-256 digest. Indeed, there is no way for them to distinguish this scenario from one in which I have published the SHA-256 of one certificate and the SHA-512 of a different certificate. The necessary and sufficient fix is to indicate which digests refer to the same certificate, either via an ID number or by just putting all the digests of the same certificate in the same RR. The TLSA RRset is based on the DNSSEC DS RRset, which has the same problem. The DS RR contains a key tag, which could almost be used as an ID number, but [https://tools.ietf.org/html/rfc4034#appendix-B RFC 4034 Appendix B] says, "Implementations MUST NOT assume that the key tag uniquely identifies a DNSKEY RR." I would like to get the problem fixed in DNSSEC too, but I have not looked into that yet. -- ------------------------------------+--------------------------------------- Reporter: matt@… | Owner: Type: defect | Status: new Priority: major | Milestone: Component: protocol | Version: Severity: - | Keywords: ------------------------------------+--------------------------------------- Ticket URL: <http://trac.tools.ietf.org/wg/dane/trac/ticket/22> dane <http://tools.ietf.org/dane/>
- [keyassure] [dane] #22: Provide the security of t… dane issue tracker
- Re: [keyassure] [dane] #22: Provide the security … dane issue tracker