IETF Logo Mail Archive

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

Benjamin Kaduk <bkaduk@akamai.com> Tue, 10 April 2018 16:49 UTC

Return-Path: <bkaduk@akamai.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D70EB12D574 for <tls@ietfa.amsl.com>; Tue, 10 Apr 2018 09:49:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.711
X-Spam-Level:
X-Spam-Status: No, score=-2.711 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nli1tn0j0Jrv for <tls@ietfa.amsl.com>; Tue, 10 Apr 2018 09:49:02 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 89AD7126C89 for <tls@ietf.org>; Tue, 10 Apr 2018 09:49:02 -0700 (PDT)
Received: from pps.filterd (m0050095.ppops.net [127.0.0.1]) by m0050095.ppops.net-00190b01. (8.16.0.22/8.16.0.22) with SMTP id w3AGmac0004890 for <tls@ietf.org>; Tue, 10 Apr 2018 17:49:02 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=date : from : to : subject : message-id : references : mime-version : content-type : in-reply-to; s=jan2016.eng; bh=NZumUz45TgudO/81vdfBQNRG4xMvBAMqc1vmGhGmaTo=; b=FcQ+A4Rxr0MYgBzciXXtdN7L2WHJzA5S9R5qPV7ol6NMXeikc3+5Tl+RFHpKdASUmv2Y /m3j96U5Jgm0iirlbnG8flyhzkvXnpENZq0jhPvRLvJtNG67fJBD4T30+7AjDTvqyQKz 0svmFnzWxNB1WirDFksHAn/gXcbCtw0fZpLrg6nzVIvxugvVXUyCZ/B3Fec9Nt5Bj4h6 ZezgFKXRVFlLYp+vxCCcvY2J/vCRGvBO3LfSqlXUZ3HwXJ6F4+2B4rQYKUJUyIkw02dv WMdwaNNbSuEqZLgK/0UjfCaKiiXVvpIDE056YIvyG+TcgwsCFCKZ9Ef6IXO03hbG7ocN MA==
Received: from prod-mail-ppoint2 (prod-mail-ppoint2.akamai.com [184.51.33.19]) by m0050095.ppops.net-00190b01. with ESMTP id 2h6s6y9tax-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for <tls@ietf.org>; Tue, 10 Apr 2018 17:49:02 +0100
Received: from pps.filterd (prod-mail-ppoint2.akamai.com [127.0.0.1]) by prod-mail-ppoint2.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w3AGkbcV014322 for <tls@ietf.org>; Tue, 10 Apr 2018 12:49:00 -0400
Received: from prod-mail-relay10.akamai.com ([172.27.118.251]) by prod-mail-ppoint2.akamai.com with ESMTP id 2h6saum3mq-1 for <tls@ietf.org>; Tue, 10 Apr 2018 12:48:59 -0400
Received: from bos-lpczi.kendall.corp.akamai.com (bos-lpczi.kendall.corp.akamai.com [172.19.17.86]) by prod-mail-relay10.akamai.com (Postfix) with ESMTP id AB765287DF for <tls@ietf.org>; Tue, 10 Apr 2018 16:48:59 +0000 (GMT)
Received: from bkaduk by bos-lpczi.kendall.corp.akamai.com with local (Exim 4.86_2) (envelope-from <bkaduk@akamai.com>) id 1f5wS2-00029c-Ua for tls@ietf.org; Tue, 10 Apr 2018 11:48:58 -0500
Date: Tue, 10 Apr 2018 11:48:58 -0500
From: Benjamin Kaduk <bkaduk@akamai.com>
To: TLS WG <tls@ietf.org>
Message-ID: <20180410164858.GK17433@akamai.com>
References: <CAOgPGoAhzEtxpW5mzmkf2kv3AcugNy0dAzhvpaqrTSuMSqWqfw@mail.gmail.com> <CAHPuVdXfVQ5ZYL+dTvFeTfOaz2NNPrqxvnWuqJkxu0aaKDF_Sg@mail.gmail.com> <FF625003-7174-4F11-8AB8-7F6F2DE28C4F@dukhovni.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <FF625003-7174-4F11-8AB8-7F6F2DE28C4F@dukhovni.org>
User-Agent: Mutt/1.5.24 (2015-08-30)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-04-10_06:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1804100160
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-04-10_06:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1804100160
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-0Hgky_irHBaX1F6q-Q35PfKX2Y>
Subject: Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Apr 2018 16:49:04 -0000

Hi Viktor,

With no hats.

On Tue, Apr 10, 2018 at 10:20:01AM -0400, Viktor Dukhovni wrote:
> 
> 
> > On Apr 10, 2018, at 9:48 AM, Shumon Huque <shuque@gmail.com> wrote:
> > 
> > But I would also like to publish a document that has the solid
> > consensus of the community that is one of key potential target
> > consumers of this draft (web browsers and servers). So I'm giving
> > more weight to their views and preferences. To date, the only
> > people from that community that have spoken up have expressed
> > strong opposition to Viktor's proposed enhancement.
> 
> There'll be negligible adoption of this draft as-is by Web Server
> operators on the public Internet.  It offers them all pain and no
> gain.  ZERO additional security over and above what they get with
> Let's Encrypt, only additional operational complexity and a new
> way to fail when the client supports DANE and the TLSA records
> are stale.

I'd like to expand the discussion a little bit, on the question of
what the goals of this document are, as well as that they should be.
Your text above seems to imply that you see the goal of the document
as being a security mechanism to DANE-authenticate TLS connections.
But it's not clear to me that this is the best reading of the current
document text.  Re-quoting some text you had included in the thread
previously:

   [...] The intent of this
   proposal is to allow TLS clients to perform DANE Authentication
   [RFC6698] [RFC7671] of a TLS server without performing additional DNS
   record lookups and incurring the associated latency penalty.  It also
   provides the ability to avoid potential problems with TLS clients
   being unable to look up DANE records because of an interfering or
   broken middlebox on the path between the client and a DNS server
   [HAMPERING].  And lastly, it allows a TLS client to validate the
   server's DANE (TLSA) records itself without needing access to a
   validating DNS resolver to which it has a secure connection.

   This mechanism is useful for TLS applications that need to address
   the problems described above, typically web browsers or SIP/VoIP
   [RFC3261] and XMPP [RFC7590]. [...]

I'd like to see if we can agree on what "the problems described above" are.
I am reading the quoted text to say that the problems are:

1) needing to incur additional latency by doing DNS lookups
2) interfering/broken middleboxes that drop DANE records
3) needing a secure connection to a validating resolver

While it is true that performing DANE Authentication generally does have
a security role, the three items I list above are essentially matters of
convenience, and not themselves relevant for security.  In this sense, the
immediate goal of the document is more to play a role as a transport than to
provide security directly.

I concede that it remains useful to consider what the client will do
with the received DANE records or denial thereof, so as to not unduly
block off future routes for development.  But it seems at least possible to take
a very broad view in this space, including even the possibility of additional
TLS extensions that can modify the behavior of this one (such as a modification
to provide pinning-like behavior).  Such extensions could be introduced closer
in time to when the desire to implement and use such behavior appears.

So, can we ask ourselves what we intend to get from the document?  I suspect
that the vehemence of disagreement being presented stems from a disagreement
in the goals we are seeking to achieve.

-Ben

v2.23.0 | Report a Bug | By Email