IETF Logo Mail Archive

Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)

Willem Toorop <willem@nlnetlabs.nl> Mon, 05 March 2018 09:32 UTC

Return-Path: <willem@nlnetlabs.nl>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5646127275; Mon, 5 Mar 2018 01:32:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.01
X-Spam-Level:
X-Spam-Status: No, score=-7.01 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nlnetlabs.nl
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hcNbxRuk5HuR; Mon, 5 Mar 2018 01:32:28 -0800 (PST)
Received: from dicht.nlnetlabs.nl (open.nlnetlabs.nl [185.49.140.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0706126579; Mon, 5 Mar 2018 01:32:27 -0800 (PST)
Received: from [IPv6:2a04:b900:0:1:a86b:a966:fd9c:f460] (unknown [IPv6:2a04:b900:0:1:a86b:a966:fd9c:f460]) by dicht.nlnetlabs.nl (Postfix) with ESMTPSA id E3C858E96; Mon, 5 Mar 2018 10:32:25 +0100 (CET)
Authentication-Results: dicht.nlnetlabs.nl; dmarc=none header.from=nlnetlabs.nl
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=nlnetlabs.nl; s=default; t=1520242345; bh=SBwUUZIryUuoFsxfoesWhzMHUJWhYcRSTIkf6b190w4=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=sCws/xsch+NnAl/JhN5BNwTjT4Hb9HsJLOWcpTZlWhL4F3S9lLq5fWpl5uY4ZGRdH AI/r6wSO19upfzSdLZKnMO4cljkxVyP5DI4TVjqCbcVxaGZcm/LTI3gRBkePX4DfN9 uCU+AnOrIoSXQkEwetW6PWkJVTtmaHTnk5iNWAjQ=
To: Viktor Dukhovni <viktor@dukhovni.org>, TLS WG <tls@ietf.org>
Cc: Nico Williams <nico@cryptonector.com>, tls-chairs <tls-chairs@ietf.org>, draft-ietf-tls-dnssec-chain-extension@ietf.org, The IESG <iesg@ietf.org>
References: <CABcZeBOST2X0-MH2hhzpPJaUkbY++udsUV1bMnMhH2V2wQRPmA@mail.gmail.com> <CAHPuVdUs7mUJiqZjFjLDCNmHHGR9AP-g5YaLLbJj-zkDKd=_-w@mail.gmail.com> <alpine.LRH.2.21.1802211425260.7767@bofh.nohats.ca> <CAHPuVdX=_6b5g572-T-9Ccwek-WwL11KdTVwV9oNC9LaO5=0=Q@mail.gmail.com> <alpine.LRH.2.21.1802260913290.9977@bofh.nohats.ca> <70D42B5C-7FF9-49C1-95D4-13FDC611FF96@dukhovni.org> <CAHPuVdU8boBpYO3QutJgawH-54fKD+R9PaaT-5yWE+y2t+BwwA@mail.gmail.com> <CAHPuVdWhEnYxcLUzs-zbnKiN0zj+WO-7_cK2EobS1Gipurk7CQ@mail.gmail.com> <20180227233610.GD8921@localhost> <20180227233854.GE8921@localhost> <20180228200707.GF8921@localhost> <CAHPuVdUOZ1J+us4QfS+AedMvRzTGBRMGHvu5jpOdYr6mENGKXw@mail.gmail.com> <239165FB-38EE-4B32-91E4-92C422901801@dukhovni.org>
From: Willem Toorop <willem@nlnetlabs.nl>
Message-ID: <08d01955-841b-6744-9f25-8535474dd26d@nlnetlabs.nl>
Date: Mon, 05 Mar 2018 10:32:25 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <239165FB-38EE-4B32-91E4-92C422901801@dukhovni.org>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PPL5Z3q3b0s9U4VZEnzF-ROUmT0>
Subject: Re: [TLS] Eric Rescorla's Discuss on draft-ietf-tls-dnssec-chain-extension-06: (with DISCUSS and COMMENT)
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Mar 2018 09:32:29 -0000

Op 01-03-18 om 22:50 schreef Viktor Dukhovni:
> 
> 
>> On Mar 1, 2018, at 2:13 PM, Shumon Huque <shuque@gmail.com> wrote:
>>
>>> On Wed, Feb 28, 2018 at 3:07 PM, Nico Williams <nico@cryptonector.com> wrote:
>>> IF there's an objection to modifying the extension in order to add a
>>> pin-to-DANE TTL field, I would propose the following instead:
>>>
>>>     Make the pin-to-DANE be "forever" but make it so it can easily be
>>>     cleared if DANE is undeployed for the service.
>>
>> This option is already covered in the draft. It doesn't use the term pinning,
>> but does mention caching the existence of DANE on first contact and 
>> requiring it subsequently (if clients want to do so).
>>
>> I do not know if the draft authors and/or WG have an appetite to do the much 
>> more major change suggested by Viktor (i.e in-protocol pinning TTL commitment
>> and requiring subsequent denial of existence proof if DANE is removed).
> 
> Avoiding an explicit TTL, and clients unilaterally assuming the DANE extension
> will always be available is not IMHO a good idea.>
> Websites that initially implement the extension should be able to eventually
> stop using it, if for some reason they decide that they no longer want to do
> so.  While the server can clear the caches of clients that see a denial of
> existence of the TLSA records, or proof an unsigned delegation from a parent
> domain, without a max TTL there are always clients that have not yet connected
> since the policy change, and will be broken indefinitely if the extension is no
> longer delivered.
> 
> Therefore, any long-term caching of a destination's support for the extension
> should require server opt-in, and must have a maximum duration.

How do you (all) feel about using the expiry date on the RRSIG for the
TLSA to be used for this purpose?

v2.23.0 | Report a Bug | By Email