IETF Logo Mail Archive

Re: [TLS] Why TLSA RR and not CERT RR?

Robert Moskowitz <rgm-sec@htt-consult.com> Sun, 26 June 2022 21:47 UTC

Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69B60C1A7F90 for <tls@ietfa.amsl.com>; Sun, 26 Jun 2022 14:47:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.785
X-Spam-Level:
X-Spam-Status: No, score=-3.785 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-1.876, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KVwovLuMO9OY for <tls@ietfa.amsl.com>; Sun, 26 Jun 2022 14:47:55 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC9FCC18BCBE for <tls@ietf.org>; Sun, 26 Jun 2022 14:47:55 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id A97F26250B; Sun, 26 Jun 2022 17:47:08 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id bkbVv6G-0xxh; Sun, 26 Jun 2022 17:47:00 -0400 (EDT)
Received: from [192.168.160.11] (unknown [192.168.160.11]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 89CED624D4; Sun, 26 Jun 2022 17:46:57 -0400 (EDT)
Message-ID: <be35148e-e326-c963-af18-08bb08dfcf49@htt-consult.com>
Date: Sun, 26 Jun 2022 17:47:38 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
To: tls@ietf.org, Viktor Dukhovni <ietf-dane@dukhovni.org>
References: <fbd4826a-8604-9170-b7ea-a5ed86ef1462@htt-consult.com> <CABcZeBP3ew2YXKgcfgQwzBTPjG=diAYURBJ+8d1ULJ3pHSUigg@mail.gmail.com> <108daf4e-37e0-f32e-cf1b-70d51c45987a@htt-consult.com> <9e8e4eb7-09b1-a98c-bda6-e11108897140@htt-consult.com> <CABcZeBOiOL_m5-f5rSrxRo3Ag7M1UfNPEtVVn5Or_TGJ+6iFig@mail.gmail.com> <da7c89ee-91aa-c572-7ec7-b0e1b0eb1e8c@htt-consult.com> <YrjHx4E8LcSyZAbm@straasha.imrryr.org>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
In-Reply-To: <YrjHx4E8LcSyZAbm@straasha.imrryr.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bqNryaRmoRoU4jKouxj8vUL4Ido>
Subject: Re: [TLS] Why TLSA RR and not CERT RR?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Jun 2022 21:47:56 -0000

Viktor,

thank you for your response.

For those uses that are DANE/DANCE/TLS related, TLSA records WILL be 
used.  See

draft-moskowitz-drip-secure-nrid-c2

Which I am working on an update to correct some errors and add MAVlink 
as a message format for NRID.

and these TLSA records will be installed? in DNS via
draft-ietf-drip-registries (still in need of serious work)

But in draft-ietf-drip-auth, we have attestations that are carried in 
very contrained messages, and there have been various opinions that 
these should also be in DNS.  So how?  CERT RR, it seems.  And again 
this will be done in drip-registries.

So there is a part of this which is TLS (and IPsec and HIP) and a part 
which is custom design work to fit into the mandated Unmanned Aircraft comm.

Fun to be had.

Bob


On 6/26/22 16:55, Viktor Dukhovni wrote:
> On Sun, Jun 26, 2022 at 04:29:38PM -0400, Robert Moskowitz wrote:
>
>> I will use them in draft-ietf-drip-registries for our X.509 certs and
>> our 'custom' attestation certs (private OID will be needed). And then
>> the powers-that-be can sort it out as we move forward.
> Why do the certificates need to be delivered via DNS?  Are TLS or DTLS
> not suitable as protocols between the subject and relying party?
>
> What is the management model for these certificates?  How will key
> rollover at the subject be coördinated with changes in the DNS?
>
> TLSA records are flexible in that they can specify trust-anchor keys or
> certificates (typically their digests) as well as EE keys or
> certificates.  Multiple TLSA records can be published at the same RRset,
> and rollover is facilitated by requiring only one to match.
>
> The need to tightly synchronise regular certificate rollovers with DNS
> changes can be avoided by keeping EE keys stable, or publishing a stable
> issuer trust-anchor key.  Alternatively, one can pre-publish future
> EE public keys and then use that key in a later certificate rollover
> if observed in DNS for a sufficient number of TTLs, or else renew the
> certificate with the extant key.
>
> So there are well-understood (if not yet universally practiced)
> operational practices that enable robust deployments of DANE TLSA.
>
> Is there something similar for the proposed use of CERT?  Is publication
> of (often multi-kilobyte) full certificates in DNS a good idea?
>

v2.23.0 | Report a Bug | By Email