Re: [keyassure] Objective: Restrictive versus Supplementary Models

Martin Rex <mrex@sap.com> Thu, 31 March 2011 13:00 UTC

Return-Path: <mrex@sap.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0E43128C16A for <keyassure@core3.amsl.com>; Thu, 31 Mar 2011 06:00:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.22
X-Spam-Level:
X-Spam-Status: No, score=-10.22 tagged_above=-999 required=5 tests=[AWL=0.029, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OvPe-9IawU3l for <keyassure@core3.amsl.com>; Thu, 31 Mar 2011 06:00:38 -0700 (PDT)
Received: from smtpde02.sap-ag.de (smtpde02.sap-ag.de [155.56.68.140]) by core3.amsl.com (Postfix) with ESMTP id BC5F63A6B12 for <keyassure@ietf.org>; Thu, 31 Mar 2011 06:00:37 -0700 (PDT)
Received: from mail.sap.corp by smtpde02.sap-ag.de (26) with ESMTP id p2VD2AEO011624 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 31 Mar 2011 15:02:15 +0200 (MEST)
From: Martin Rex <mrex@sap.com>
Message-Id: <201103311302.p2VD2AWx020816@fs4113.wdf.sap.corp>
To: ekr@rtfm.com (Eric Rescorla)
Date: Thu, 31 Mar 2011 15:02:10 +0200 (MEST)
In-Reply-To: <AANLkTinxXhxisrNh0sE83jceQQjvYde-9cJ2L+qxW4uG@mail.gmail.com> from "Eric Rescorla" at Mar 31, 11 07:07:33 am
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: keyassure@ietf.org
Subject: Re: [keyassure] Objective: Restrictive versus Supplementary Models
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: mrex@sap.com
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Mar 2011 13:00:39 -0000

Eric Rescorla wrote:
> 
> On Thu, Mar 31, 2011 at 2:38 AM, Martin Rex <mrex@sap.com> wrote:
> > Martin Rex wrote:
> >>
> >> >
> >> > I think this is an important consideration. However a relevant
> >> > question for a 2119-level MUST seems to be whether we wish to have
> >> > this data rejected if not DNSSEC signed.
> >> > What's your view on that?
> >>
> >> I'm much less worried about false positives resulting in DoS, which
> >> can be more easily achieved attacking at the network layer (IP, TCP).
> >
> > Actually, a DoS based on spoofing an DANE TLSA record with incorrect
> > data and a long TTL into a DNS cache might turn out to be devastatingly
> > effective when unsiged TLSA records are accepted.
> 
> How is this different from a spoofed A record with a long TTL?

In a first round of attack, the attacker inserts a fake unsigned
TLSA record (DNS poisoning) that the victim is accessing with TLS
frequently and where the DNS admin is not using DNSSEC.

After constantly running into validation failures although one is
connecting to the correct server and gets presented the correct
TLS server cert, either his help desk or the victim will disable DANE
or switch to a browser that doesn't have it yet.  At that point
the victim becomes vulnerable to mis-issued certs even for sites
where the DNS admin uses DANE with DNSSEC.

-Martin