Re: [TLS] draft-shore-tls-dnssec-chain-extension-00
Melinda Shore <melinda.shore@nomountain.net> Tue, 30 June 2015 21:10 UTC
Return-Path: <melinda.shore@nomountain.net>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6FEC51B29BB; Tue, 30 Jun 2015 14:10:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.666
X-Spam-Level:
X-Spam-Status: No, score=-1.666 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, IP_NOT_FRIENDLY=0.334, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pzy5k1cSjE2M; Tue, 30 Jun 2015 14:10:25 -0700 (PDT)
Received: from homiemail-a103.g.dreamhost.com (sub4.mail.dreamhost.com [69.163.253.135]) by ietfa.amsl.com (Postfix) with ESMTP id 123C71B29A8; Tue, 30 Jun 2015 14:10:25 -0700 (PDT)
Received: from homiemail-a103.g.dreamhost.com (localhost [127.0.0.1]) by homiemail-a103.g.dreamhost.com (Postfix) with ESMTP id AB6622005E627; Tue, 30 Jun 2015 14:10:24 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=nomountain.net; h= message-id:date:from:mime-version:to:cc:subject:references :in-reply-to:content-type:content-transfer-encoding; s= nomountain.net; bh=xWV3aOnylSofTe3X1pgWWO+gw9c=; b=ZePoNx2pi+qud qQToVVzv/gfwhE6SzCV/vBXLAAO1u58c3Vg5GoT95zCevBTGLGnHkwgRcAyea+UT Nu3/vZurhaLg/+C5Joz7nHvYr3TQuvVN8GewcPfiu6maJD0TZSTgxVxsLI50gwib aXJwo4cV4MFJpfFMj4zEN/9HQkXXNU=
Received: from spandex.local (216-67-117-38-rb3.fai.dsl.dynamic.acsalaska.net [216.67.117.38]) (using TLSv1 with cipher ECDHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: melinda.shore@nomountain.net) by homiemail-a103.g.dreamhost.com (Postfix) with ESMTPSA id 0EAE22005E628; Tue, 30 Jun 2015 14:10:23 -0700 (PDT)
Message-ID: <559305BD.9050502@nomountain.net>
Date: Tue, 30 Jun 2015 13:10:21 -0800
From: Melinda Shore <melinda.shore@nomountain.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:31.0) Gecko/20100101 Thunderbird/31.6.0
MIME-Version: 1.0
To: tls@ietf.org
References: <55922571.8080605@nomountain.net> <20150630062518.GC14121@mournblade.imrryr.org>
In-Reply-To: <20150630062518.GC14121@mournblade.imrryr.org>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/mDhD_bjmXcLrdIeSzM5d3XbOXQ0>
Cc: dane@ietf.org
Subject: Re: [TLS] draft-shore-tls-dnssec-chain-extension-00
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2015 21:10:27 -0000
Thanks for the detailed review, Viktor. Some of the issues you've raised are still things we're hashing through, and we're grateful for your clarifications. We'll be getting a new draft out before document submission closes and it will incorporate some of your suggestions. On 6/29/15 10:25 PM, Viktor Dukhovni wrote: > Similar considerations apply to server-to-server XMPP traffic. > Thus the extension in question is only relevant with protocols > where TLS (with authenticaiton) is mandatory, and DANE is a > potentially attractive alternative PKI. With opportunistic DANE > TLS, the extension is inevitably too late. Right now our main use case is https, as browser vendors are extremely sensitive to increased latency in connection establishment, and anything we can do to help that can make it easier to argue for implementation. We have, though, been talking about other application protocols, including XMPP, but haven't worked through the details. In particular we haven't looked at opportunistic DANE usage. We'll add some text clarifying that this extension would be inapplicable in those cases. > Speaking of RRsets, are the RRs in each RRset returned by the server > required to be sorted in canonical order? That's one of the things we've been discussing. One of the things that's been driving our decisions so far has been implementation considerations, and in particular how to deliver the data needed for validation to a validator that's part of a DNS API. > 4. I think the Section 4 SNI interaction would be a lot cleaner, > if SNI is mandatory for clients that use the proposed extension. > In which case the server can only respond with a leaf TLSA RRset > (and chain of RRSIG/DNSKEY/DS/... records) whose "base domain" ( > see section 3 of RFC6698 and soon definition of TLSA base domain > in draft-ietf-dane-ops-13 (later this week)). Using some random > name for the server's IP address is not a good idea IMHO. PTR > records are too often poorly correlated with the client's notion > of the target server name. Right, and we actually changed that back and forth a few times. It's not clear to us that SNI is being used across all applications using TLS. I think that generally we're going to need guidelines for application developers. > 6. Note that the soon up for IESG review draft-ietf-dane-ops > considerably revises the DANE verification logic for TLSA certificate > usage DANE-EE(3). Section 6 should refer to draft-ietf-dane-ops-12 > (soon -13 which responds to AD and GEN-ART comments) as well as > RFC6698. Okay, thanks. > is sub-optimal, it should refer to a TLSA RRset, which MUST contain > at least one TLSA record that matches the server's certificate > chain, but will often contain additional records that do not. That's another issue we're currently working through. We'll have some more thoughtful text in the next revision. > 8. Great care must be taken (with Certificate usages other than > DANE-EE(3)) to ensure that the TLSA record matches a certificate > that is actually part of the server's chain and not just some random > unrelated certificate that happens to be present in the server > certificate message. Many implementors fail to check this. Good point, thanks. > 9. This draft should reiterate the requirement that with certificate > usage DANE-TA(2), the server MUST include the trust-anchor certificate > in its certificate message even if that trust-anchor is self-signed > (root CAs are NOT optional with DANE-TA(2)). Ditto. > 10. Validation of RRSIGs is a subtle art, the client will definitely > need to check not only the signatures but also the validity intervals > of all RRSIGs (the client must trust its own clock or have access > to a trusted time source). Since the server forwards wire-format > RRsets, these include TTLs, and clients might plausibly cache these, > provided the TTLs are consistent with the RRSIG validity intervals. > The draft might provide guidance on any client-side caching (clients > might e.g. not even send the extension when they have unexpired > cached TLSA data from a previous interaction with the server). Will do, but I'm not sure this will make it into the next revision in much detail, given time constraints. But yes, I agree it should go into the document in greater detail in the future. Thanks again, Melind -- Melinda Shore No Mountain Software melinda.shore@nomountain.net "Software longa, hardware brevis."
- [TLS] draft-shore-tls-dnssec-chain-extension-00 Melinda Shore
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Viktor Dukhovni
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Melinda Shore
- Re: [TLS] [dane] draft-shore-tls-dnssec-chain-ext… Shumon Huque
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Paul Wouters
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Shumon Huque
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Viktor Dukhovni
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Daniel Kahn Gillmor
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Viktor Dukhovni
- Re: [TLS] draft-shore-tls-dnssec-chain-extension-… Melinda Shore