Re: [TLS] Trusting self-signed TLS certificates - specifically for HTTPS
Viktor Dukhovni <ietf-dane@dukhovni.org> Fri, 02 December 2022 21:23 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 28868C14CE26 for <tls@ietfa.amsl.com>; Fri, 2 Dec 2022 13:23:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8958zjwUtmje for <tls@ietfa.amsl.com>; Fri, 2 Dec 2022 13:23:43 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E4E6C14CE20 for <tls@ietf.org>; Fri, 2 Dec 2022 13:23:41 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 9DE551192A9; Fri, 2 Dec 2022 16:23:40 -0500 (EST)
Date: Fri, 02 Dec 2022 16:23:40 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <Y4ps3ClLWy7NX5pd@straasha.imrryr.org>
Reply-To: tls@ietf.org
References: <04ea01d9068b$94914730$bdb3d590$@olliejc.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <04ea01d9068b$94914730$bdb3d590$@olliejc.uk>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/NOvbIWR1O5MdS3SGBxYbnjiOhZo>
Subject: Re: [TLS] Trusting self-signed TLS certificates - specifically for HTTPS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 02 Dec 2022 21:23:44 -0000
On Fri, Dec 02, 2022 at 08:20:58PM +0000, Ollie wrote: > That said, in reply to your points, I understand DANE to a level that I know > PKIX isn't applicable to my original intention/query, so perhaps I haven't > been clear with what I'm looking to achieve. DANE has 4 certificate usages, and 2 of them PKIX-TA(0) and PKIX-EE(1) are a combination of local trust-anchors (RFC 5280 PKIX) and DANE certificate constraints (server-side DNS CA or EE certificate or public key constraint). The security of PKIX-EE(1) is at least as strong as DANE-EE (self-signed), and already supports CT via the existing CAs. CT is already a centralised model, so your allergic reaction to public CAs while seeking mandatory CT is puzzling. Perhaps you can explain on ACME, or perhaps the (mostly inactive) dane@ietf.org list. With a PKIX-EE(1) server key "pin", no CA can unilaterally convince a DANE-enabled client that a misissued certificate is valid. If the client requires PKIX-EE(1) and does not support DANE-EE(3), then just compromising DNSSEC is also ineffective. Of course this is also the most operationally fragile model, offering two ways to have an outage. I don't see it gaining much popularity, but you can try to convince people otherwise. Good luck. -- Viktor.
- [TLS] Trusting self-signed TLS certificates - spe… Ollie
- Re: [TLS] Trusting self-signed TLS certificates -… Eric Rescorla
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni
- Re: [TLS] Trusting self-signed TLS certificates -… Bas Westerbaan
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni
- Re: [TLS] Trusting self-signed TLS certificates -… Eric Rescorla
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni
- Re: [TLS] Trusting self-signed TLS certificates -… Bas Westerbaan
- Re: [TLS] Trusting self-signed TLS certificates -… Ollie
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni
- Re: [TLS] Trusting self-signed TLS certificates -… Bas Westerbaan
- Re: [TLS] Trusting self-signed TLS certificates -… Ollie
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni
- Re: [TLS] Trusting self-signed TLS certificates -… Bas Westerbaan
- Re: [TLS] Trusting self-signed TLS certificates -… Ollie
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni
- Re: [TLS] Trusting self-signed TLS certificates -… Ollie
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni