IETF Logo Mail Archive

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

Richard Barnes <rlb@ipv.sx> Fri, 13 April 2018 20:38 UTC

Return-Path: <rlb@ipv.sx>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8061A129515 for <tls@ietfa.amsl.com>; Fri, 13 Apr 2018 13:38:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.609
X-Spam-Level:
X-Spam-Status: No, score=-2.609 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, T_DKIMWL_WL_MED=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ipv-sx.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sr4ShTdWBoJu for <tls@ietfa.amsl.com>; Fri, 13 Apr 2018 13:38:57 -0700 (PDT)
Received: from mail-oi0-x236.google.com (mail-oi0-x236.google.com [IPv6:2607:f8b0:4003:c06::236]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0FFF8127978 for <tls@ietf.org>; Fri, 13 Apr 2018 13:38:57 -0700 (PDT)
Received: by mail-oi0-x236.google.com with SMTP id z8-v6so9540615oix.2 for <tls@ietf.org>; Fri, 13 Apr 2018 13:38:57 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipv-sx.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=0ZKiA3HrqThNVPfzAcupe2Oym7qPcTwwMmmbaeEj8iw=; b=rYDA4mH1AU62Ap7S3QCgAnZy/7/y39KUvyPrkB04mDfi0l9jagJ7mmX8lXjYdrto6I IRgr9p16reJcxiRLV9dHYrjFF7XRPXR2ola+maRlka774h/FWxcDpkmokzPzvGJ0tGAk Sq5cCcoSwjPjYwsF0faoVD6xT97Vbp6yCIiy8CWkMOFv/CY/x7LY4q7pNPhD5N0LyIuj Zghu0KlEuOmWDKQYIumibUDr3+o6CYjxtRThDp9poZ1bBGpBGHjPnRpK9WeDQZu+bR2D KcpGBgRAvqOr69haJl4XrCT+hvS5UWCWTxv0EtCjyrK1A6rWTOVsErNdkHHVyPK7FO17 vsLQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=0ZKiA3HrqThNVPfzAcupe2Oym7qPcTwwMmmbaeEj8iw=; b=lxeqdwKvuA/RN5VjMSzyCk1TfAA5mu8lRmG3v5gcn750IyGHPdirty5PVbLwAYZhhH QD9xVqLmxPPFgx8PaN0Jrp0uEHtpoyZ0052oM3yhUxfqc3VOpHGa+UHvt08KhUgFcg6o B7Bk3yuF5I6BTMSas+sbbsKP4M3erztzJ3qkeDhN5UqjtsuEuiLx0EEhBcWv8x3E/8GM zGya0HxxE1/DZCQ8/dGuTn9mey9TZT6Vu8KvrS/oVSXMjV8kfEechuZLfe1cCxDxEc8p ZIszoYpxDB4Hf8OUnQ2KFtY4/sTz9kn8jac5524NBPqtkiWLgcZj6G6WzB+X0x1LO7jg x4cQ==
X-Gm-Message-State: ALQs6tDMd7XD7enyLyR4gXNxN6V8iKYjNUrMOBPm/NCosm/MDIGRrpAO G/7Wl4Y5Z/R/c8O5bmkxwCkaXISIqjlV9Y4sG52Vgqyb
X-Google-Smtp-Source: AIpwx4/nSYnlrc/YQ+QUfkc07QHFQv06wGSw1pEqsGj427f04T21W0L2Bm3Tzqa204axSg4rNb+SF6P97x+HzP8dTQY=
X-Received: by 2002:aca:d0d5:: with SMTP id j82-v6mr9622078oiy.276.1523651936305; Fri, 13 Apr 2018 13:38:56 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.201.90.67 with HTTP; Fri, 13 Apr 2018 13:38:55 -0700 (PDT)
In-Reply-To: <20180413202936.GX25259@localhost>
References: <alpine.LRH.2.21.1804120438460.24369@bofh.nohats.ca> <CAL02cgSuTOaT_NwnpXaa8DPhNJhzqZwepRL+J29BzcBfCTDtHw@mail.gmail.com> <CAHbuEH78KNyk8fnHThRkCERKPjZzYppi1uhkDx6kL_t448q0_g@mail.gmail.com> <20180412175441.GD20782@akamai.com> <6db83a59-1f0f-f552-0d48-6e2a8d43f602@nomountain.net> <CABkgnnUwOjkY1_KejV-YOw3YRqjFfzaYurEY1OpZ8phQVhcWLg@mail.gmail.com> <114FE78D-F340-4752-BEF0-459FE1548A80@dukhovni.org> <aa7ca33a-4acd-c770-a43c-df7a1f66c782@nlnetlabs.nl> <E3918F11-9AD7-4C06-9173-5175ECACD16B@dukhovni.org> <CABcZeBP6-7_NNmC+7iVnNXbQw7p3jJH4eC1-EjY4C4CwdWWNcg@mail.gmail.com> <20180413202936.GX25259@localhost>
From: Richard Barnes <rlb@ipv.sx>
Date: Fri, 13 Apr 2018 16:38:55 -0400
Message-ID: <CAL02cgTAwwHtFGFh4n1GJ-ApFjKv36o2-uo7+=sXNJ+pztCXsQ@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: Eric Rescorla <ekr@rtfm.com>, TLS WG <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006cd8910569c0dcc1"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/AGdRnXuo0_id55ebzMZc9hG8PnI>
Subject: Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 13 Apr 2018 20:38:59 -0000

On Fri, Apr 13, 2018 at 4:30 PM, Nico Williams <nico@cryptonector.com>
wrote:

> On Thu, Apr 12, 2018 at 04:10:27PM -0700, Eric Rescorla wrote:
> > On Thu, Apr 12, 2018 at 4:06 PM, Viktor Dukhovni <ietf-dane@dukhovni.org
> >
> > wrote:
> > > Proposed text:
> > >
> > >    When the server has DNSSEC-signed TLSA records, the first RRset in
> > >    the chain MUST contain the TLSA record set being presented.
> > >    However, ...
> > >
> > >    When the server either has no TLSA records, or its domain is not
> > >    DNSSEC-signed, it is RECOMMENDED that the server return a denial
> > >    of existence of either the TLSA records, or proof of insecure
> > >    delegation at some parent domain, rather than omit the extension.
> > >    Clients that are willing to fall back from DANE to some alternative
> > >    mechanism may require the denial of existence to make that possible.
> > >
> >
> > I believe that that this text would harm ineteroperability.
> >
> > The difficulty here is what the server knows about the clients behavior.
> > Specifically, if the server serves TLSA records and then ceases doing
> > without serving authenticated denial of existence, then it is unable to
> > determine if this would cause clients to fail because it doesn't know if
> > the client implements the text in the final paragraph. One could argue
> > that current clients could pin, but that's totally extratextual, as
> opposed
> > t having a noninteroperable behavior in the document.
>
> It's better to send the denial of existence than no extension -- the
> client could just as well be pinning (because the I-D said it could, or
> because the client does it regardless), and not having extension then
> will cause failure.
>
> Now, clients that don't do opportunistic pinning would have to... notice
> the lack of TLSA RRs, but not necessarily bother validating the denial
> of existence chain.  There's not even a need to say that the client
> SHOULD (let alone MUST) validate the denial of existence chain.  It
> suffices that the server SHOULD send it.
>

Sure seems like it would be simpler to say "Client MUST NOT cache TLSA
state".  Yes, that cuts off some use cases.  But it avoids all the
transition pain that EKR has pointed out.

--Richard



>
> Nico
> --
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>

v2.23.0 | Report a Bug | By Email