IETF Logo Mail Archive

[TLS] WGLC: draft-ietf-tls-dnssec-chain-extension-04

Jim Reid <jim@rfc1035.com> Wed, 05 July 2017 16:30 UTC

Return-Path: <jim@rfc1035.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 34B36131D74 for <tls@ietfa.amsl.com>; Wed, 5 Jul 2017 09:30:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XgRnAguuQIGj for <tls@ietfa.amsl.com>; Wed, 5 Jul 2017 09:30:55 -0700 (PDT)
Received: from shaun.rfc1035.com (shaun.rfc1035.com [93.186.33.42]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7EC5131D4E for <tls@ietf.org>; Wed, 5 Jul 2017 09:30:54 -0700 (PDT)
Received: from gromit.rfc1035.com (gromit.rfc1035.com [195.54.233.69]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by shaun.rfc1035.com (Postfix) with ESMTPSA id E08852421529 for <tls@ietf.org>; Wed, 5 Jul 2017 16:30:49 +0000 (UTC)
From: Jim Reid <jim@rfc1035.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-Id: <765945B5-B686-45EB-84AE-38731C3006D6@rfc1035.com>
Date: Wed, 05 Jul 2017 17:30:49 +0100
To: TLS WG <tls@ietf.org>
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NFAJBpvyiKik7gwwth69E5zAQSg>
Subject: [TLS] WGLC: draft-ietf-tls-dnssec-chain-extension-04
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 05 Jul 2017 16:30:56 -0000

I’ve got a few concerns/issues with the document.

1) There probably needs to be clearer guidance about the use cases for this extension and the trade-offs between TLS clients doing DNSSEC validation for themselves instead of sending DNS lookups to a validating resolver server. How does an application developer decide which approach would or wouldn’t be appropriate?

2) I’m not sure there is much of an "associated latency penalty” from DNS lookups. Something’s going to esxperience this one way or another. Either the TLS client takes that hit or the TLS server does it for them before it sends back the requested DNS data. And in both cases, whatever is making the DNS lookups should be benefitting from what’s in the resolver’s cache. That cached data may even have been validated too.

3) Something should be said about algorithm agility. We can be reasonably sure web browsers, DNS servers, smart phones and so on will generally have up-to-date DNSSEC validators and/or TLS code. Some TLS clients -- fire and forget embedded systems, IoT devices, etc -- might never get updated once they’re deployed. If these clients use their own DNSSEC validators, they will be screwed when/if DNSSEC drops SHA1 signatures (say) or adds a new flavour of ECC or even an all-new signing protocol.

4) It’s not clear if TLS clients can or should cache the DNS data (and the resulting validations?) returned though this extension. Suppose a jabber client validates foo.com, does it have to start at the root and work all the way down to validate bar.com? Could it start that validation at the previously validated and new cached trust anchor for .com? Can/should negative answers -- NOHOST/NXDOMAIN responses -- be cached?

5) How does a TLS client behave when its DNSSEC validation of a TLSA record or whatever fails? Can/should it give up or fall back to conventional validation of the certificate via a CA?

6) The draft doesn't seem to take account of key rollovers when DNS data will be signed by two or more keys. Zone signing keys are missing from the examples too. These might well have been omitted for cosmetic reasons. IMO they need to be included in the final document to illustrate what implementers can expect to find when the DNS returns signed data.

v2.23.0 | Report a Bug | By Email