IETF Logo Mail Archive

Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension

Eric Rescorla <ekr@rtfm.com> Thu, 05 April 2018 02:45 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32690124BFA for <tls@ietfa.amsl.com>; Wed, 4 Apr 2018 19:45:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4U2hdxoOMQkZ for <tls@ietfa.amsl.com>; Wed, 4 Apr 2018 19:45:34 -0700 (PDT)
Received: from mail-oi0-x22b.google.com (mail-oi0-x22b.google.com [IPv6:2607:f8b0:4003:c06::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7276312426E for <tls@ietf.org>; Wed, 4 Apr 2018 19:45:34 -0700 (PDT)
Received: by mail-oi0-x22b.google.com with SMTP id u141-v6so21203606oif.1 for <tls@ietf.org>; Wed, 04 Apr 2018 19:45:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=yQ/Kkn0EfLXH+dyiS/p9zZF3jjrt9/ONEvDDM8RuV+o=; b=XKTo7lllnbYUXe4a/oSK3l+VkvJi3hxtMApAIGg3m6nMSvYCz2ITEx7ShLjbEyCNFX wwaB3U4Dq6v3VxCBCVw8UhmFdOD7b+KASs4gH2Q5I1XbrVLEZCyTIb4h5yTO5YX5my+e EeLKbi7D5GPKq7IuBZ7HPGqzKO4EF0sDG2qhsXjwXY1Z3pO7gt1JTxBnUAlzVQulSPQ4 GGv+s+rOQ74UJiKW1+x5StgQMg2wIRmhzIGH7r5qT0inM8Ij3scba70qzCJJxsnKPkwz 16DXG2Lny1Z1pQcD6EUND1PoO+RrWwkd7YOr+KNbNUvGuR93NPcIg7AHQljJ38uYgk0D Midg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=yQ/Kkn0EfLXH+dyiS/p9zZF3jjrt9/ONEvDDM8RuV+o=; b=RDbI5TL09X6w4ccAPuindC5bYmIgUEse/U+KcirmHyeKccqm9nNS11Fj0Q+4bg9AxK IFgxYlyhOnFDnSDBDJnc/flgyRiQEon8PagZQyfyoStdn5LrSpZ6cB6II7WtITel1ROb aenDbJBMTjgi7opwwRdvjojkSI7esDd1Gmb+jX9cGMZDBxG6KMOEjYvwvCpoBc/VxraR FReUiMLky0nwCeWMzCBePfQOQjBKzGOETuXiFbfQOE4qoFxXuPeu8rH3MmpbsvKCIeId jBhn4Sl9rJnruBPhzRreiqdYxW95HMVgdYaft8Jkx+f8MJK/0ThHFEX1G8MbhX915x4N F7nQ==
X-Gm-Message-State: ALQs6tBkeLm2qqecl5bVKQA0Ng8FIKwGWYRL3qZ3q063GNGtV1cDQxbK HnWkTvPZPcqDi2QJbVDbyLBjcEf0Suc7ZpD2C6j1Myz8
X-Google-Smtp-Source: AIpwx4+RxGeWwxndAOJOi5xoccuW4HNNvvrIixN4HxDsNojkxDxYmySZUZcQ5ongFryVpGXCG3ZiHpnyUoLEXp2hbh0=
X-Received: by 2002:aca:4f46:: with SMTP id d67-v6mr11014807oib.138.1522896333699; Wed, 04 Apr 2018 19:45:33 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.138.18.130 with HTTP; Wed, 4 Apr 2018 19:44:53 -0700 (PDT)
In-Reply-To: <20180405022007.GG25259@localhost>
References: <CAOgPGoAhzEtxpW5mzmkf2kv3AcugNy0dAzhvpaqrTSuMSqWqfw@mail.gmail.com> <EDB0F480-1272-4364-9A3D-23F9E1A02141@dukhovni.org> <CABkgnnWBdp=KtmBVDcrR9-5tdVPfhWG7pWR0FE57H=iWS37dWw@mail.gmail.com> <C52564E1-ABCD-4E1A-8517-19743BD2180B@dukhovni.org> <CABcZeBMcvtQ6Ko-2Rmoq3BSVBOqdQwJ65vVrPK0cpSJ9nQCS3w@mail.gmail.com> <20180405022007.GG25259@localhost>
From: Eric Rescorla <ekr@rtfm.com>
Date: Wed, 04 Apr 2018 19:44:53 -0700
Message-ID: <CABcZeBMGdXPF9if8Z_Gnc5MoOrZAOPEV2K3i5Bd_ewC6fdxOEg@mail.gmail.com>
To: Nico Williams <nico@cryptonector.com>
Cc: TLS WG <tls@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000014f6056910ef5f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/P5acZ5kzlyvsJfLPydP2vODfGB4>
Subject: Re: [TLS] Consensus Call on draft-ietf-tls-dnssec-chain-extension
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Apr 2018 02:45:36 -0000

On Wed, Apr 4, 2018 at 7:20 PM, Nico Williams <nico@cryptonector.com> wrote:

> On Wed, Apr 04, 2018 at 07:22:38PM -0700, Eric Rescorla wrote:
> > I don't think that this comparison is particularly apt.The
> > representation in HSTS is simply "I support HSTS". The representation
> > in HPKP is "I will use either consistent keying material *or* a
> > consistent set of CAs". The representation here is "I will continue to
> > have DNSSEC-signed DANE records". That is a significantly more risky
> > proposition than continuing to support TLS (and I'm ignoring the risk
> > of hijacking attacks that people were concerned with with HPKP), and
> > so this seems rather more like HPKP to me.
>
> Without a TTL (with zero meaning "clear the pin to DANE") this extension
> can only really be used with mandatory-to-use-with-DANE protocols, where
> the commitment to "continue to have DNSSEC-signed DANE records" is
> implied.
>

This simply isn't true, for the reasons Richard Barnes indicated in his
response
to you.


> The TTL allows one to put a bound on that commitment, thus alleviating
> the risk.
>
> That's the whole point: to alleviate the risk of commitment to DANE in
> order to not discourage opportunistic deployment.
>

HPKP had a TTL and yet as a practical matter, people found it very
problematic.
And, of course, if you're concerned with hijacking attacks, the hijacker
will
just advertise a very long TTL.

-Ekr

Nico
> --
>

v2.23.0 | Report a Bug | By Email