IETF Logo Mail Archive

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 21 February 2018 19:52 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA0E312DA22 for <tls@ietfa.amsl.com>; Wed, 21 Feb 2018 11:52:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KQDJeErFAs9O for <tls@ietfa.amsl.com>; Wed, 21 Feb 2018 11:52:11 -0800 (PST)
Received: from mournblade.imrryr.org (mournblade.imrryr.org [108.5.242.66]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 397A712DA21 for <tls@ietf.org>; Wed, 21 Feb 2018 11:52:11 -0800 (PST)
Received: from [10.200.0.109] (unknown [8.2.105.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mournblade.imrryr.org (Postfix) with ESMTPSA id 23D547A3309; Wed, 21 Feb 2018 19:52:10 +0000 (UTC) (envelope-from ietf-dane@dukhovni.org)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <alpine.LRH.2.21.1802211418520.7767@bofh.nohats.ca>
Date: Wed, 21 Feb 2018 14:52:09 -0500
Cc: TLS WG <tls@ietf.org>
Content-Transfer-Encoding: 7bit
Message-Id: <8DD08D1D-47D6-4CF5-B8A0-99FA446132E2@dukhovni.org>
References: <151801408058.4807.6327251050641650375.idtracker@ietfa.amsl.com> <CAHPuVdUgZLUf5M8ir=610mvERwQzPhbhGGOyW5s552JtP8d05g@mail.gmail.com> <CABcZeBOST2X0-MH2hhzpPJaUkbY++udsUV1bMnMhH2V2wQRPmA@mail.gmail.com> <BE4EB728-46A3-4C30-B500-C7A0601EB74D@dukhovni.org> <alpine.LRH.2.21.1802211418520.7767@bofh.nohats.ca>
To: Paul Wouters <paul@nohats.ca>
X-Mailer: Apple Mail (2.3445.5.20)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/KJ13QLda0odiMLSXUfGAzkr1yb4>
Subject: Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Feb 2018 19:52:12 -0000


> On Feb 21, 2018, at 2:21 PM, Paul Wouters <paul@nohats.ca> wrote:
> 
>> For clients that do reject PKIX success based on DANE failure, and
>> cache obtained TLSA records, it might have been good to recommend
>> refreshing the TLSA records while the cached data is still valid
>> (say the smaller of some refresh time or 50% of TTL has expired).
>> That way, for a client that keeps communicating regularly may be
>> (partially) protected against downgrades.  Perhaps it is too late
>> to make such a change at this stage in the document's life-cycle.
> 
> Is it customary for TLS clients that do PKIX validation to check the
> certificate expiry for long lived TLS connections?

The text you're responding to is NOT about long-lived TLS connections,
rather it addresses the case where the client makes repeated connections
frequently enough to benefit from caching previously obtained TLSA
records for verifying future connections.  In that case it makes sense
to "refresh" the TLSA records (include the extension in a new request)
even before the previously cached data has expired.

> I assumed most TLS clients verification is done at the start of the
> connection only and the connection is then deemed verified until it
> closes - irrespective of the signature lifetimes of the certificate?

Correct, but not applicable to the topic at hand.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email