Re: [TLS] Why TLSA RR and not CERT RR?
Robert Moskowitz <rgm-sec@htt-consult.com> Sun, 26 June 2022 21:47 UTC
Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69B60C1A7F90 for <tls@ietfa.amsl.com>; Sun, 26 Jun 2022 14:47:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.785
X-Spam-Level:
X-Spam-Status: No, score=-3.785 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-1.876, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KVwovLuMO9OY for <tls@ietfa.amsl.com>; Sun, 26 Jun 2022 14:47:55 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AC9FCC18BCBE for <tls@ietf.org>; Sun, 26 Jun 2022 14:47:55 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id A97F26250B; Sun, 26 Jun 2022 17:47:08 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id bkbVv6G-0xxh; Sun, 26 Jun 2022 17:47:00 -0400 (EDT)
Received: from [192.168.160.11] (unknown [192.168.160.11]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id 89CED624D4; Sun, 26 Jun 2022 17:46:57 -0400 (EDT)
Message-ID: <be35148e-e326-c963-af18-08bb08dfcf49@htt-consult.com>
Date: Sun, 26 Jun 2022 17:47:38 -0400
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.10.0
Content-Language: en-US
To: tls@ietf.org, Viktor Dukhovni <ietf-dane@dukhovni.org>
References: <fbd4826a-8604-9170-b7ea-a5ed86ef1462@htt-consult.com> <CABcZeBP3ew2YXKgcfgQwzBTPjG=diAYURBJ+8d1ULJ3pHSUigg@mail.gmail.com> <108daf4e-37e0-f32e-cf1b-70d51c45987a@htt-consult.com> <9e8e4eb7-09b1-a98c-bda6-e11108897140@htt-consult.com> <CABcZeBOiOL_m5-f5rSrxRo3Ag7M1UfNPEtVVn5Or_TGJ+6iFig@mail.gmail.com> <da7c89ee-91aa-c572-7ec7-b0e1b0eb1e8c@htt-consult.com> <YrjHx4E8LcSyZAbm@straasha.imrryr.org>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
In-Reply-To: <YrjHx4E8LcSyZAbm@straasha.imrryr.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/bqNryaRmoRoU4jKouxj8vUL4Ido>
Subject: Re: [TLS] Why TLSA RR and not CERT RR?
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 26 Jun 2022 21:47:56 -0000
Viktor, thank you for your response. For those uses that are DANE/DANCE/TLS related, TLSA records WILL be used. See draft-moskowitz-drip-secure-nrid-c2 Which I am working on an update to correct some errors and add MAVlink as a message format for NRID. and these TLSA records will be installed? in DNS via draft-ietf-drip-registries (still in need of serious work) But in draft-ietf-drip-auth, we have attestations that are carried in very contrained messages, and there have been various opinions that these should also be in DNS. So how? CERT RR, it seems. And again this will be done in drip-registries. So there is a part of this which is TLS (and IPsec and HIP) and a part which is custom design work to fit into the mandated Unmanned Aircraft comm. Fun to be had. Bob On 6/26/22 16:55, Viktor Dukhovni wrote: > On Sun, Jun 26, 2022 at 04:29:38PM -0400, Robert Moskowitz wrote: > >> I will use them in draft-ietf-drip-registries for our X.509 certs and >> our 'custom' attestation certs (private OID will be needed). And then >> the powers-that-be can sort it out as we move forward. > Why do the certificates need to be delivered via DNS? Are TLS or DTLS > not suitable as protocols between the subject and relying party? > > What is the management model for these certificates? How will key > rollover at the subject be coördinated with changes in the DNS? > > TLSA records are flexible in that they can specify trust-anchor keys or > certificates (typically their digests) as well as EE keys or > certificates. Multiple TLSA records can be published at the same RRset, > and rollover is facilitated by requiring only one to match. > > The need to tightly synchronise regular certificate rollovers with DNS > changes can be avoided by keeping EE keys stable, or publishing a stable > issuer trust-anchor key. Alternatively, one can pre-publish future > EE public keys and then use that key in a later certificate rollover > if observed in DNS for a sufficient number of TTLs, or else renew the > certificate with the extant key. > > So there are well-understood (if not yet universally practiced) > operational practices that enable robust deployments of DANE TLSA. > > Is there something similar for the proposed use of CERT? Is publication > of (often multi-kilobyte) full certificates in DNS a good idea? >
- [TLS] Why TLSA RR and not CERT RR? Robert Moskowitz
- Re: [TLS] Why TLSA RR and not CERT RR? Eric Rescorla
- Re: [TLS] Why TLSA RR and not CERT RR? Robert Moskowitz
- Re: [TLS] Why TLSA RR and not CERT RR? Robert Moskowitz
- Re: [TLS] Why TLSA RR and not CERT RR? Eric Rescorla
- Re: [TLS] Why TLSA RR and not CERT RR? Robert Moskowitz
- Re: [TLS] Why TLSA RR and not CERT RR? Viktor Dukhovni
- Re: [TLS] Why TLSA RR and not CERT RR? Jim Reid
- Re: [TLS] Why TLSA RR and not CERT RR? Robert Moskowitz
- Re: [TLS] Why TLSA RR and not CERT RR? Robert Moskowitz
- Re: [TLS] Why TLSA RR and not CERT RR? Robert Moskowitz
- Re: [TLS] Why TLSA RR and not CERT RR? John Levine
- Re: [TLS] Why TLSA RR and not CERT RR? Phillip Hallam-Baker