Re: [saag] Gen-art LC review of draft-ietf-dane-ops-12
Elwyn Davies <elwynd@dial.pipex.com> Tue, 23 June 2015 14:58 UTC
Return-Path: <elwynd@dial.pipex.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 176481B2CD3; Tue, 23 Jun 2015 07:58:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.9
X-Spam-Level:
X-Spam-Status: No, score=-101.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, USER_IN_WHITELIST=-100] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id U6G8JT-BoFGh; Tue, 23 Jun 2015 07:58:33 -0700 (PDT)
Received: from b.painless.aa.net.uk (b.painless.aa.net.uk [IPv6:2001:8b0:0:30::51bb:1e34]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A5B271B2C75; Tue, 23 Jun 2015 07:58:33 -0700 (PDT)
Received: from 4.6.9.9.c.3.f.6.1.7.6.6.5.a.4.d.1.0.0.0.f.b.0.0.0.b.8.0.1.0.0.2.ip6.arpa ([2001:8b0:bf:1:d4a5:6671:6f3c:9964]) by b.painless.aa.net.uk with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.77) (envelope-from <elwynd@dial.pipex.com>) id 1Z7Peh-0001gw-FR; Tue, 23 Jun 2015 15:58:31 +0100
Message-ID: <5589741C.3020105@dial.pipex.com>
Date: Tue, 23 Jun 2015 15:58:36 +0100
From: Elwyn Davies <elwynd@dial.pipex.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.7.0
MIME-Version: 1.0
To: saag@ietf.org, dane@ietf.org
References: <558851A5.20803@dial.pipex.com> <20150622185239.GU14121@mournblade.imrryr.org> <558953F3.5040503@dial.pipex.com> <20150623134227.GZ14121@mournblade.imrryr.org>
In-Reply-To: <20150623134227.GZ14121@mournblade.imrryr.org>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/saag/HTlB8wJY_w8hivX-Pn8u5xHvfOU>
X-Mailman-Approved-At: Sun, 28 Jun 2015 08:41:30 -0700
Subject: Re: [saag] Gen-art LC review of draft-ietf-dane-ops-12
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Jun 2015 14:58:36 -0000
Hi, Viktor. Thanks for clearing up my misunderstanding. I think it would be worth a sentence or two along the lines of what you have written below to clarify why OS is potentially more badly affected by fragile PKIX-xx behaviour. Cheers, Elwyn On 23/06/2015 14:42, Viktor Dukhovni wrote: > On Tue, Jun 23, 2015 at 01:41:23PM +0100, Elwyn Davies wrote: > >>> Since the OS client is basing the decision to employ DANE on the >>> presence of TLSA RRs in DNS, no additional security is gained via >>> the PKIX usages unless they are the only ones supported by the >>> application protocol (the attacker who compromises DNS can just >>> inject "3 1 1" records instead). So DANE-xx is more reliable >>> at no security loss. Thus PKIX-xx is just a needless opportunity >>> to fail that should be avoided. >> Maybe I have misunderstood how OS is intended to behave. I thought I >> understood that if the client was able to handle OS and it was not able to >> authenticate the server then it would potentially try for encryption only. > No, that is not the case. With opportunistic DANE TLS, when usable > secure (i.e. DNSSEC validated) TLSA records are present, but > authentication fails, there is typically no fallback to unauthenticated > TLS (mitigate downgrade attacks), for example: > > https://tools.ietf.org/html/draft-ietf-dane-smtp-with-dane-19#section-3.2 > >> Is the problem that there is a difference between there being no >> authentication available for a domain and an attempted authentication >> failing (aside from any explicit policy declared by server or client) when >> using OS? > Yes, when no usable secure DANE TLSA records are absent, unauthenticated > TLS is used if possible, and if not perhaps even cleartext. However, > when TLSA records are published authentication must succeed. Thus > PKIX-xx auth are to be avoided, because outside the browser space, > there is no pre-ordained canon of trusted CAs, and in any case > there is no value in using them when DANE-xx usages are also > supported. For most application protocols there should be a clear > statement of which of the two pairs apply (DANE-xx or PKIX-xx) and > the other pair should not be used. >
- Re: [saag] Gen-art LC review of draft-ietf-dane-o… Viktor Dukhovni
- Re: [saag] Gen-art LC review of draft-ietf-dane-o… Viktor Dukhovni
- Re: [saag] Gen-art LC review of draft-ietf-dane-o… Elwyn Davies
- Re: [saag] Gen-art LC review of draft-ietf-dane-o… Elwyn Davies