Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

Paul Wouters <paul@nohats.ca> Mon, 12 March 2018 18:30 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5EC5C12426E; Mon, 12 Mar 2018 11:30:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.01
X-Spam-Level:
X-Spam-Status: No, score=-2.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, T_RP_MATCHES_RCVD=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rsG3Puem4uzx; Mon, 12 Mar 2018 11:30:03 -0700 (PDT)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4F5681200F1; Mon, 12 Mar 2018 11:30:03 -0700 (PDT)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 400RNl5cqszFD2; Mon, 12 Mar 2018 19:29:59 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1520879399; bh=rztGlBKZUmjJ+q3WyohDS1iPXo8TQ/XyDYQsNNWzhx0=; h=Date:From:To:cc:Subject:In-Reply-To:References; b=Cuqo7YutihEG+Ovji/CjsvezEnyVX/nSsADUL2ED2yjyzV73qkK82hV69vpl6ZiR9 ZOSDAexOIn9xfyRcK4ULsN5gZHpch7RxIKDsKzh+EE1NSImrQhnpgHUsZho0ELbJJX aLIVjzFR3PnAhaKNDB2BlLwW4hLS1IjzlrFeaHU8=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id 4ShJYhpPkENU; Mon, 12 Mar 2018 19:29:57 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [76.10.157.69]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Mon, 12 Mar 2018 19:29:56 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 08F89366701; Mon, 12 Mar 2018 14:29:55 -0400 (EDT)
DKIM-Filter: OpenDKIM Filter v2.11.0 bofh.nohats.ca 08F89366701
Received: from localhost (localhost [127.0.0.1]) by bofh.nohats.ca (Postfix) with ESMTP id EFDF140008A0; Mon, 12 Mar 2018 14:29:55 -0400 (EDT)
Date: Mon, 12 Mar 2018 14:29:55 -0400 (EDT)
From: Paul Wouters <paul@nohats.ca>
To: Willem Toorop <willem@nlnetlabs.nl>
cc: Shumon Huque <shuque@gmail.com>, Eric Rescorla <ekr@rtfm.com>, TLS WG <tls@ietf.org>, draft-ietf-tls-dnssec-chain-extension@ietf.org, The IESG <iesg@ietf.org>, tls-chairs <tls-chairs@ietf.org>
In-Reply-To: <bb6753af-2050-451c-32ae-c49426a885d8@nlnetlabs.nl>
Message-ID: <alpine.LRH.2.21.1803121421420.23254@bofh.nohats.ca>
References: <151801408058.4807.6327251050641650375.idtracker@ietfa.amsl.com> <CAHPuVdUgZLUf5M8ir=610mvERwQzPhbhGGOyW5s552JtP8d05g@mail.gmail.com> <CABcZeBOST2X0-MH2hhzpPJaUkbY++udsUV1bMnMhH2V2wQRPmA@mail.gmail.com> <CAHPuVdUs7mUJiqZjFjLDCNmHHGR9AP-g5YaLLbJj-zkDKd=_-w@mail.gmail.com> <alpine.LRH.2.21.1802211425260.7767@bofh.nohats.ca> <CAHPuVdX=_6b5g572-T-9Ccwek-WwL11KdTVwV9oNC9LaO5=0=Q@mail.gmail.com> <alpine.LRH.2.21.1802260913290.9977@bofh.nohats.ca> <bb6753af-2050-451c-32ae-c49426a885d8@nlnetlabs.nl>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII; format=flowed
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/AqR20GQFcF_AqIvTkPBAvPY4xh0>
Subject: Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2018 18:30:05 -0000

On Mon, 5 Mar 2018, Willem Toorop wrote:

> No Paul, the division in sections is irrelevant for a verifier.  The
> only bit of information in a DNS message that is used by a verifier is
> the question.  From the question, validation starts and the relevant
> records are followed and verified.  But the question section is also not
> needed as the question can be derived from the name and port of the
> service, i.e. <port>._tcp.<name>. TLSA
>
> The order described in the draft is both an optimization to reduce the
> number of times a verifier has to go over the RRs, and it makes the
> content easier to read (and understand) for humans too.
>
> Also, for non existence answers, DNSSEC validators (and thus also a
> verifier for the chain extension) simply ignore the DNS message header.
> Proof of non-existence can and must be derived from the set of RRs in
> the message body/sections too.

Willem (and Shumon and Viktor) have convinced me the DNS Header and
Sections are not needed.

> The extension already supports Denial of Existence proof b.t.w., because
> it is also needed for wildcard expansions (which are supported).

The issue here is the requirement of the TLS server to send these
records in the absence of any TLS record. This allows the clients to
detect a rogue webserver cert that is valid in webPKI but not valid
based on DANE. Without this commitment, the TLS extension does not
really work, as it can be omitted by an attacker.

Paul