Re: [TLS] [dane] draft-shore-tls-dnssec-chain-extension-00
Shumon Huque <shuque@gmail.com> Wed, 01 July 2015 03:27 UTC
Return-Path: <shuque@gmail.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 554681A1A70; Tue, 30 Jun 2015 20:27:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ebWgKlwoW6OL; Tue, 30 Jun 2015 20:27:15 -0700 (PDT)
Received: from mail-qg0-x22d.google.com (mail-qg0-x22d.google.com [IPv6:2607:f8b0:400d:c04::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9C9A01A1A66; Tue, 30 Jun 2015 20:27:15 -0700 (PDT)
Received: by qgem68 with SMTP id m68so13350955qge.0; Tue, 30 Jun 2015 20:27:15 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:reply-to:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=uLwayf64nkEoAjlF+A58u/8TULlEAwQr3Lmq5+nDzGs=; b=oyjod6zZwnwu3Dz9GD5/5qeUKTxRqML+cDzX8vJRPV5mKqwq3n4UbK8pQegrRPemTx OW/oQoqDrzgmzX8UqwgQlXDangFW/qtz2xf+lihCe6O4F+22EWssfUl6v9mYxm2CWj7P DU0mC9qM2xRm3ZGWO35VuzY2oTgxOj4WkC3uxVqBI72W9pdvrdgcYozRFJStLm8uclRW N0O1yOHpGjTY2jUb9/0xGHyQMQhiWq4iE3duopkvFbbv/jbXKEaDKsu63+FHnAEfSYJf o1tB9/GtvSzHJ+hVUxrEQ2f2S7msEEicOAx2BW6IKualEAl1b+XcZ9hlRVemRRf0SC29 tZHA==
MIME-Version: 1.0
X-Received: by 10.55.23.17 with SMTP id i17mr50071868qkh.39.1435721235260; Tue, 30 Jun 2015 20:27:15 -0700 (PDT)
Received: by 10.140.80.208 with HTTP; Tue, 30 Jun 2015 20:27:15 -0700 (PDT)
In-Reply-To: <20150630062518.GC14121@mournblade.imrryr.org>
References: <55922571.8080605@nomountain.net> <20150630062518.GC14121@mournblade.imrryr.org>
Date: Tue, 30 Jun 2015 23:27:15 -0400
Message-ID: <CAHPuVdVzd9zzJM_Vw1=-kYYNmxbE0gpYB8NDXYU1+uTPm1p-4Q@mail.gmail.com>
From: Shumon Huque <shuque@gmail.com>
To: tls@ietf.org
Content-Type: multipart/alternative; boundary="001a1146fabe3986e30519c7e6ac"
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/VnBTXakA6HfzKGxs_aXeIP8uYKE>
Cc: "<dane@ietf.org>" <dane@ietf.org>
Subject: Re: [TLS] [dane] draft-shore-tls-dnssec-chain-extension-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: shuque@gmail.com
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Jul 2015 03:27:18 -0000
On Tue, Jun 30, 2015 at 2:25 AM, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote: Thanks Victor. I'll add a few to Melinda's earlier comments .. On Mon, Jun 29, 2015 at 09:13:21PM -0800, Melinda Shore wrote: > > > Please have a look at it and get comments or suggestions > > to us. We're planning on getting one more revision out > > prior to the Prague meeting, and on having a test > > implementation available in Prague. > > The draft is available at: > > https://tools.ietf.org/html/draft-shore-tls-dnssec-chain-extension-00 > > > 3. I'm not sure what purpose the last paragraph of section 3 is > intended to serve: > > Obviously, an authentication chain will be most compact and easiest > to verify if each RRset has a single record, i.e., if there is a > single DNSKEY RR and a single DS RR at each step. In addition, as > suggested above, keeping zone cuts to a minimum also reduces the > length of the authentication chain. > > The TLS server has no choice but to return the complete RRset for > each owner name class and RRtype, since RRSIGs cover RRsets, not > individual RRs. So "compacting" is possible. The server returns > the RRsets exactly as published by the relevant DNS(SEC) servers. > Yeah, section 3 needs a bit of work. Also, the order of record (sets) in the given example doesn't match the dnssec_chain structure definition - that should be fixed in the next rev. The structure will likely undergo some additional changes too, e.g. names that involve CNAME/DNAMEs might need an authentication tree rather than a single authentication chain, or a sequence of authentication chains. > Speaking of RRsets, are the RRs in each RRset returned by the server > required to be sorted in canonical order? > It would be nice to do so, but not essential - as long as the validator sorts them canonically before signature verification. > 4. I think the Section 4 SNI interaction would be a lot cleaner, > if SNI is mandatory for clients that use the proposed extension. > In which case the server can only respond with a leaf TLSA RRset > (and chain of RRSIG/DNSKEY/DS/... records) whose "base domain" ( > see section 3 of RFC6698 and soon definition of TLSA base domain > in draft-ietf-dane-ops-13 (later this week)). Using some random > name for the server's IP address is not a good idea IMHO. PTR > records are too often poorly correlated with the client's notion > of the target server name. > I agree with this. > 5. In Section 5, the server MUST not violate DNS TTLs. The last > senetence: > > Alternatively, it could be configured to rebuild the chain at some > predefined periodic intervals. > > is I fear too much rope. Sure the server can periodically flush > its cache (using shorter than possible TTLs), but this does not > free it of the obligation to not extend TTLs by relying exclusively > on a cache lifetime of its own choosing. > I agree that is a bit of rope. The first part of the section does tell the validator to do the right thing. The alternative (which would be simpler to implement) was provided for cases where the server operator might know the TTLs and signature validity periods of the chain above it (assuming they are stable), and be able to select a suitable regeneration interval below them. But yes, it provides more opportunity for doing the wrong thing by selecting the wrong interval. Note that the original draft suggested something similar (regenerating the stapled chain into an X.509 cert at some predefined interval). > 11. Finally, Shumon Huque (mostly) and I (helping out) are writing > a draft to specify DANE TLSA for client authentication. If and > when that progresses (WG adoption, ...), there may need to be a > similar extension, allowing a client to forward its DNSSEC-validated > TLSA RRset. This is not an immediate priority and can be re-evaluated > later. > I posted a link to the draft separately on the dane list. But for TLS folks: https://tools.ietf.org/html/draft-huque-dane-client-cert-00 -- Shumon Huque
- [TLS] draft-shore-tls-dnssec-chain-extension-00 Melinda Shore
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Viktor Dukhovni
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Melinda Shore
- Re: [TLS] [dane] draft-shore-tls-dnssec-chain-ext… Shumon Huque
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Paul Wouters
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Shumon Huque
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Viktor Dukhovni
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Daniel Kahn Gillmor
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Viktor Dukhovni
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Melinda Shore