Re: [keyassure] TLSA record does not mandate the given certificate

Zack Weinberg <zack.weinberg@sv.cmu.edu> Mon, 28 March 2011 20:59 UTC

Return-Path: <zack.weinberg@gmail.com>
X-Original-To: keyassure@core3.amsl.com
Delivered-To: keyassure@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 62DDF28C0F0 for <keyassure@core3.amsl.com>; Mon, 28 Mar 2011 13:59:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.477
X-Spam-Level:
X-Spam-Status: No, score=-2.477 tagged_above=-999 required=5 tests=[AWL=-0.500, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XUUOXmFIksJA for <keyassure@core3.amsl.com>; Mon, 28 Mar 2011 13:59:49 -0700 (PDT)
Received: from mail-vx0-f172.google.com (mail-vx0-f172.google.com [209.85.220.172]) by core3.amsl.com (Postfix) with ESMTP id 6D8D43A693D for <keyassure@ietf.org>; Mon, 28 Mar 2011 13:59:49 -0700 (PDT)
Received: by vxg33 with SMTP id 33so3098644vxg.31 for <keyassure@ietf.org>; Mon, 28 Mar 2011 14:01:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=O1W18n+OkWnwMCY0e2EwAUl1zuwTWaTHhLsJmRQ17VU=; b=fNmaZxJQuNaOCgBzL2Ds0um9cBj2ty+FSBkcp8F41XeratohSVoKEOI9K46Gvu0v72 xbcCdz3tELzmOAbIrKuVLt65VNtxmhem5R17Z64rJZTZTAJakB0Wd2uDKcdP072JJoh3 79J0DgJE8r8xHRlicoN821/CwUgxEn1REOYVo=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=EqQQAy1s00uDPGGCjRovN3fdxIov/otS5vweGoU7FsmyXr9aKyIIWiQFzSQ8Luatrt MXFRpcJ/YpdnUVlZ3ac0wVCi5xJrBM/t7Tjc13j4queQccDzznFEN41LG/dW5Zk47nQ6 PhyKPRGE9v4eRrPprh/JEorjGwRftDC9hPIxk=
MIME-Version: 1.0
Received: by 10.52.74.226 with SMTP id x2mr6231387vdv.264.1301346086795; Mon, 28 Mar 2011 14:01:26 -0700 (PDT)
Sender: zack.weinberg@gmail.com
Received: by 10.52.166.34 with HTTP; Mon, 28 Mar 2011 14:01:26 -0700 (PDT)
In-Reply-To: <4672.1301340852@marajade.sandelman.ca>
References: <AANLkTikregQCBOovJz4yrcyet+60yT0EMxRkXFw0wqVi@mail.gmail.com> <4672.1301340852@marajade.sandelman.ca>
Date: Mon, 28 Mar 2011 14:01:26 -0700
X-Google-Sender-Auth: FjOp-KjJ7MkFzssRStlgu6gXyA8
Message-ID: <AANLkTinX7KDrHTzp996yNodFqkPhNdhyM5umA7yKH+iG@mail.gmail.com>
From: Zack Weinberg <zack.weinberg@sv.cmu.edu>
To: Michael Richardson <mcr@sandelman.ca>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Cc: keyassure@ietf.org
Subject: Re: [keyassure] TLSA record does not mandate the given certificate
X-BeenThere: keyassure@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Key Assurance With DNSSEC <keyassure.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/keyassure>
List-Post: <mailto:keyassure@ietf.org>
List-Help: <mailto:keyassure-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/keyassure>, <mailto:keyassure-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Mar 2011 20:59:50 -0000

On Mon, Mar 28, 2011 at 12:34 PM, Michael Richardson <mcr@sandelman.ca> wrote:
>
> {I think you should start three threads for your three proposals}

It is one proposal.  I could split out the additional text about
non-security use, but apart from that, it doesn't make sense to try to
break up the changes.

> I can't parse "yes"/"no" in the above sentence.
> Do you mean:
>
>  A TLSA record for site S specifying certificate X forbids a compliant
>  client from proceeding with the handshake if it receives certificate Y.
>
> or do you mean to object to this statement?  I think you mean to support
> it but I couldn't tell from the overview, and only from the text you supplied.

I mean to support it.  This is meant to be clear from this text of the proposal:

>    Zack> The presence in the DNS of a trusted TLSA record is an assertion
>    Zack> by the zone administrator that the legitimate server(s) for that
>    Zack> host, protocol, and port will use certificate bundles that can be
>    Zack> associated with the domain name by that record (as defined in
>    Zack> section 3.1), and no others.
>
>    Zack> Therefore, a DANE client in possession of a trusted TLSA record
>    Zack> for a server MUST determine whether that TLSA record associates
>    Zack> the server's domain name with the certificate bundle it provides
>    Zack> in the TLS handshake.  If it does not, a DANE client MUST reject
>    Zack> the end-entity certificate and abort the TLS handshake with an
>    Zack> "access_denied" error.  This rule applies even if the end-entity
>    Zack> certificate would have been trusted in the absence of the TLSA
>    Zack> record.

If it's not, please let me know how I could improve it.

zw