IETF Logo Mail Archive

Re: [TLS] Trusting self-signed TLS certificates - specifically for HTTPS

Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 02 December 2022 21:23 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28868C14CE26 for <tls@ietfa.amsl.com>; Fri, 2 Dec 2022 13:23:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8958zjwUtmje for <tls@ietfa.amsl.com>; Fri, 2 Dec 2022 13:23:43 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E4E6C14CE20 for <tls@ietf.org>; Fri, 2 Dec 2022 13:23:41 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 9DE551192A9; Fri, 2 Dec 2022 16:23:40 -0500 (EST)
Date: Fri, 02 Dec 2022 16:23:40 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <Y4ps3ClLWy7NX5pd@straasha.imrryr.org>
Reply-To: tls@ietf.org
References: <04ea01d9068b$94914730$bdb3d590$@olliejc.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <04ea01d9068b$94914730$bdb3d590$@olliejc.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NOvbIWR1O5MdS3SGBxYbnjiOhZo>
Subject: Re: [TLS] Trusting self-signed TLS certificates - specifically for HTTPS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Dec 2022 21:23:44 -0000

On Fri, Dec 02, 2022 at 08:20:58PM +0000, Ollie wrote:

> That said, in reply to your points, I understand DANE to a level that I know
> PKIX isn't applicable to my original intention/query, so perhaps I haven't
> been clear with what I'm looking to achieve.

DANE has 4 certificate usages, and 2 of them PKIX-TA(0) and PKIX-EE(1)
are a combination of local trust-anchors (RFC 5280 PKIX) and DANE
certificate constraints (server-side DNS CA or EE certificate or public
key constraint). 

The security of PKIX-EE(1) is at least as strong as DANE-EE
(self-signed), and already supports CT via the existing CAs.  CT is
already a centralised model, so your allergic reaction to public CAs
while seeking mandatory CT is puzzling.  Perhaps you can explain on
ACME, or perhaps the (mostly inactive) dane@ietf.org list.

With a PKIX-EE(1) server key "pin", no CA can unilaterally convince a
DANE-enabled client that a misissued certificate is valid.  If the
client requires PKIX-EE(1) and does not support DANE-EE(3), then
just compromising DNSSEC is also ineffective.

Of course this is also the most operationally fragile model, offering
two ways to have an outage.  I don't see it gaining much popularity,
but you can try to convince people otherwise.

Good luck.

-- 
    Viktor.

v2.23.0 | Report a Bug | By Email