Re: [TLS] WGLC: draft-ietf-tls-dnssec-chain-extension-04

Jim Reid <jim@rfc1035.com> Fri, 07 July 2017 14:11 UTC

Return-Path: <jim@rfc1035.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CE55513146C for <tls@ietfa.amsl.com>; Fri, 7 Jul 2017 07:11:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wkNWc3edZOpa for <tls@ietfa.amsl.com>; Fri, 7 Jul 2017 07:11:23 -0700 (PDT)
Received: from shaun.rfc1035.com (smtp.v6.rfc1035.com [IPv6:2001:4b10:100:7::25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A9E4C129687 for <tls@ietf.org>; Fri, 7 Jul 2017 07:11:23 -0700 (PDT)
Received: from gromit.rfc1035.com (gromit.rfc1035.com [195.54.233.69]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by shaun.rfc1035.com (Postfix) with ESMTPSA id 74D4A2421529 for <tls@ietf.org>; Fri, 7 Jul 2017 14:11:21 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
From: Jim Reid <jim@rfc1035.com>
In-Reply-To: <20170705171211.GM5673@mournblade.imrryr.org>
Date: Fri, 07 Jul 2017 15:11:20 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <1F943876-91FC-4529-9B44-9F187EDA48B5@rfc1035.com>
References: <765945B5-B686-45EB-84AE-38731C3006D6@rfc1035.com> <20170705171211.GM5673@mournblade.imrryr.org>
To: tls@ietf.org
X-Mailer: Apple Mail (2.3124)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/Y6HuV8CarE19OSaBmAHgkO4IweA>
Subject: Re: [TLS] WGLC: draft-ietf-tls-dnssec-chain-extension-04
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Jul 2017 14:11:27 -0000

> On 5 Jul 2017, at 18:12, Viktor Dukhovni <ietf-dane@dukhovni.org> wrote:
> 
> On Wed, Jul 05, 2017 at 05:30:49PM +0100, Jim Reid wrote:
> 
>> 1) There probably needs to be clearer guidance about the use cases for
>> this extension and the trade-offs between TLS clients doing DNSSEC
>> validation for themselves instead of sending DNS lookups to a validating
>> resolver server. How does an application developer decide which approach
>> would or wouldn't be appropriate?
> 
> On today's Internet, DNSSEC is not generally available to end-user
> devices.  There are too many "last mile" problems.  Thus, while
> direct acquisition of DANE TLSA records works for (e.g.) dedicated
> SMTP servers, any end-user application that wants to do DANE TLS
> needs to use the proposed extension.

I am too painfully aware of those last mile issues.
 
IMO the draft could be clearer about the fact it’s aimed at TLS clients that don’t have access to or a trust relationship with a validating DNS resolver. It might also be worthwhile explaining the trade-offs between the DNSSEC lookup and TLS chaining approaches and how an implementer or operator can choose between them when/if both are available. Though if the spec was to say “don’t bother with DNSSEC lookups at all and just use this chaining extension”, that would be fine.

> Perhaps you're asking whether once the relevant records are obtained,
> their validation should be via library calls to a suitable API, or
> via a suitable protocol to the local resolver?

No. I couldn’t care less about API issues or how the RRSIGs get validated. They’re implentation details for the implementation detail. I am uneasy at the prospect of every TLS client application include what will be essentially its own validating DNS resolver when there could/should be one of these already running on the device itself.

> Except that the records will be warm in the server's cache, since
> many clients will be asking it for the *same* data.  The same is
> not as likely to be true at the client.  So there is indeed a likely
> latency reduction in farming out the lookups to the server.

OK.

It might be helpful to explicitly say “TLS server” rather than “server” to avoid confusion or ambiguity. Sometimes this is obvious from the context. But at other places in the draft “server” could be read as “DNS server”.

>> 4) It's not clear if TLS clients can or should cache the DNS data (and
>> the resulting validations?) returned though this extension.
> 
> The server will return TTLs, and caching per those TTLs is no less
> appropriate than it is in DNS generally.

Is there some reason why this isn’t in the draft?

>> 5) How does a TLS client behave when its DNSSEC validation of a TLSA record
>> or whatever fails? Can/should it give up or fall back to conventional
>> validation of the certificate via a CA?
> 
> This is application/configuration dependent.

That probably needs to be captured in the document too.