Re: [TLS] Enforcing Protocol Invariants
Hubert Kario <hkario@redhat.com> Fri, 16 November 2018 15:08 UTC
Return-Path: <hkario@redhat.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1A97F130EDA for <tls@ietfa.amsl.com>; Fri, 16 Nov 2018 07:08:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6rT705MY3f-N for <tls@ietfa.amsl.com>; Fri, 16 Nov 2018 07:08:19 -0800 (PST)
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 865BD130ED9 for <tls@ietf.org>; Fri, 16 Nov 2018 07:08:19 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id BBC619E60A; Fri, 16 Nov 2018 15:08:18 +0000 (UTC)
Received: from pintsize.usersys.redhat.com (ovpn-200-35.brq.redhat.com [10.40.200.35]) by smtp.corp.redhat.com (Postfix) with ESMTP id CBD001054FD2; Fri, 16 Nov 2018 15:08:17 +0000 (UTC)
From: Hubert Kario <hkario@redhat.com>
To: tls@ietf.org
Date: Fri, 16 Nov 2018 16:08:16 +0100
Message-ID: <2620706.ylDbxqFaDo@pintsize.usersys.redhat.com>
In-Reply-To: <2168AD22-D717-48B5-9370-26E72B4ECF86@dukhovni.org>
References: <CAO7N=i0g9d9x5RdF_guKm3GDAxVRHSV+eHffs6kiJm6dWO7tvw@mail.gmail.com> <CAHOTMVKrfbmxJ-gk+dR_XaozjX=BJqmEpmHEFAs2GuMi4MBMMA@mail.gmail.com> <2168AD22-D717-48B5-9370-26E72B4ECF86@dukhovni.org>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="nextPart9839415.idQUyZEuo5"; micalg="pgp-sha512"; protocol="application/pgp-signature"
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Fri, 16 Nov 2018 15:08:18 +0000 (UTC)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/PinaF_ElyTjL4qZORk_72559R84>
Subject: Re: [TLS] Enforcing Protocol Invariants
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 16 Nov 2018 15:08:22 -0000
On Tuesday, 13 November 2018 00:13:58 CET Viktor Dukhovni wrote: > [ I agree that this thread is off topic for this WG, thus below > just a short OT aside on some oft-repeated critiques of DNSSEC. ] > > > On Nov 12, 2018, at 2:15 PM, Tony Arcieri <bascule@gmail.com> wrote: > > > > The cryptography employed by the X..509 PKI is substantially more modern > > than what's in DNSSEC. Much of DNSSEC's security comes down to 1024-bit > > or 1280-bit RSA ZSKs. > It is true that while the KSKs tend to be 2048-bit RSA, ZSKs are typically > 1024-bits or 1280-bits. > > http://stats.dnssec-tools.org/#keysize > > That said, all the TLDs are using 2048-bit KSKs, and we're seeing > increasing adoption of ECDSA in DSSSEC: > > http://stats.dnssec-tools.org/#parameter > > and the .CZ and .BR TLDs switched to ECDSA this year, and more will likely > follow. > > Furthermore, the weakest link in the chain for both WebPKI and DNSSEC is not > the cryptography. Rather it is operational weaknesses in the enrollment > processes. > > For WebPKI, we basically have TOFU by the CA based on apparent > unauthenticated control of a TCP endpoint as the basis of certificate > issuance, occasionally strengthened via DNSSEC(!) validated CAA records > and/or ACME challenges. but that TOFU is global, not local to a client -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
- [TLS] Enforcing Protocol Invariants Ryan Carboni
- Re: [TLS] Enforcing Protocol Invariants Salz, Rich
- Re: [TLS] Enforcing Protocol Invariants Ryan Carboni
- Re: [TLS] Enforcing Protocol Invariants Eric Rescorla
- Re: [TLS] Enforcing Protocol Invariants Viktor Dukhovni
- Re: [TLS] Enforcing Protocol Invariants Jim Reid
- [TLS] Enforcing Protocol Invariants Ryan Carboni
- Re: [TLS] Enforcing Protocol Invariants Eric Rescorla
- Re: [TLS] Enforcing Protocol Invariants Dmitry Belyavsky
- Re: [TLS] Enforcing Protocol Invariants Viktor Dukhovni
- Re: [TLS] Enforcing Protocol Invariants Patrick Mevzek
- Re: [TLS] Enforcing Protocol Invariants Ryan Carboni
- Re: [TLS] Enforcing Protocol Invariants Eric Mill
- Re: [TLS] Enforcing Protocol Invariants Eric Rescorla
- Re: [TLS] Enforcing Protocol Invariants Daniel Kahn Gillmor
- Re: [TLS] Enforcing Protocol Invariants Tony Arcieri
- Re: [TLS] Enforcing Protocol Invariants Viktor Dukhovni
- Re: [TLS] Enforcing Protocol Invariants Hubert Kario
- Re: [TLS] Enforcing Protocol Invariants Lanlan Pan
- Re: [TLS] Enforcing Protocol Invariants Viktor Dukhovni
- Re: [TLS] Enforcing Protocol Invariants Salz, Rich
- Re: [TLS] Enforcing Protocol Invariants Viktor Dukhovni
- Re: [TLS] Enforcing Protocol Invariants Salz, Rich
- Re: [TLS] Enforcing Protocol Invariants Christopher Wood
- Re: [TLS] Enforcing Protocol Invariants Viktor Dukhovni
- Re: [TLS] Enforcing Protocol Invariants Hannes Tschofenig