Re: [TLS] Adam Roach's Yes on draft-ietf-tls-dnssec-chain-extension-06: (with COMMENT)
Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 07 February 2018 03:28 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 33463127599; Tue, 6 Feb 2018 19:28:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HwXLWubfZQ6S; Tue, 6 Feb 2018 19:28:36 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [108.5.242.66]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 227FB124D37; Tue, 6 Feb 2018 19:28:36 -0800 (PST)
Received: from [192.168.1.161] (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mournblade.imrryr.org (Postfix) with ESMTPSA id 20FC57A3309; Wed, 7 Feb 2018 03:28:35 +0000 (UTC) (envelope-from ietf-dane@dukhovni.org)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <151797357502.25862.16667889525841537162.idtracker@ietfa.amsl.com>
Date: Tue, 06 Feb 2018 22:28:33 -0500
Cc: The IESG <iesg@ietf.org>, tls@ietf.org, draft-ietf-tls-dnssec-chain-extension@ietf.org, tls-chairs@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <23185062-60CA-4BA6-BAA5-5DDD6279558B@dukhovni.org>
References: <151797357502.25862.16667889525841537162.idtracker@ietfa.amsl.com>
To: Adam Roach <adam@nostrum.com>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/BuWhHVsL8nQjdi7y6vxhvGRtHxI>
Subject: Re: [TLS] Adam Roach's Yes on draft-ietf-tls-dnssec-chain-extension-06: (with COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Feb 2018 03:28:38 -0000
> On Feb 6, 2018, at 10:19 PM, Adam Roach <adam@nostrum.com> wrote: > > Unless I missed something important, this scenario doesn't seem to make much > sense: if the client provides name A and the server replies with name B, the > client either (1) isn't performing server name validation (in which case it is > nonsense for the client to ask for a dnssec_chain), or (2) is going to error > out the connection. Do I have that right? If there's some situation in which > the server acting as described above provides some benefit, I would love to > see it described in here. If it's just a matter of having completely described > behavior for corner cases, it may be worthwhile indicating that the client > will reject the connection if the server decides to complete the handshake > like this. DANE clients sometimes accept more than one name for the server. This happens when the server name is obtained indirectly from MX OR SRV records, or as the result of (DNSSEC-validated) CNAME expansion. So in principle, more than one name might be acceptable to the client. In practice however, I don't yet see a mechanism where a client that can't do DNSSEC validation on its own would be in a position to do this. So the server may indeed be able to validate a certificate for some name that the client did not expect, and it would then be up to some external mechanism (prompt the user?) to accept that name or not. It is not entirely unreasonable to allow the client that freedom, but it would likely not be a mainstream mode of operation. Perhaps I am not thinking creatively enough about other ways for the client to be configured security to accept one of many names for the server, and to "guess" the wrong one. -- Viktor.
- [TLS] Adam Roach's Yes on draft-ietf-tls-dnssec-c… Adam Roach
- Re: [TLS] Adam Roach's Yes on draft-ietf-tls-dnss… Viktor Dukhovni
- Re: [TLS] Adam Roach's Yes on draft-ietf-tls-dnss… Adam Roach
- Re: [TLS] Adam Roach's Yes on draft-ietf-tls-dnss… Shumon Huque
- Re: [TLS] Adam Roach's Yes on draft-ietf-tls-dnss… Shumon Huque