Re: [TLS] Trusting self-signed TLS certificates - specifically for HTTPS
Viktor Dukhovni <ietf-dane@dukhovni.org> Mon, 28 November 2022 21:12 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2D206C14F742 for <tls@ietfa.amsl.com>; Mon, 28 Nov 2022 13:12:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8sLDACyVtHxn for <tls@ietfa.amsl.com>; Mon, 28 Nov 2022 13:12:01 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 08151C14F5E0 for <tls@ietf.org>; Mon, 28 Nov 2022 13:12:00 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 4DB16116AD3; Mon, 28 Nov 2022 16:11:58 -0500 (EST)
Date: Mon, 28 Nov 2022 16:11:58 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <Y4UkHiGwwHVKTw/B@straasha.imrryr.org>
Reply-To: tls@ietf.org
References: <9jom-o0k2EKlsgFmAQfJqg2oBOK_bEw9D1VvMz3nmF4L4K1vftMPU916SKERU48MSk10IakHBzdPD74CMFYha65rdhg-8PqDpPpArSfYuPI=@olliejc.uk> <CABcZeBMTxJ24r+-PB4cY1wCcAip75i8OnJoSaCLkpOrDaJwdTA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <CABcZeBMTxJ24r+-PB4cY1wCcAip75i8OnJoSaCLkpOrDaJwdTA@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/x_iMu83afzDcBGirJ6YunGo7mfE>
Subject: Re: [TLS] Trusting self-signed TLS certificates - specifically for HTTPS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Nov 2022 21:12:02 -0000
On Mon, Nov 28, 2022 at 12:27:07PM -0800, Eric Rescorla wrote:
> How much of the TLS part of this objective is achieved by RFC 9102?
Well, RFC9102 is at a different layer. It provides a mechanism for
clients to obtain a TLSA RRset by other means than direct DNS lookup,
because that often runs into last mile barriers (as you reported at
IETF114 IIRC, is there now a paper you can link to?).
Once the client has TLSA records be it directly from DNS, or
server-facilitated via a TLS extension, at that point what's trusted
should not depend materially on how the TLSA records were obtained.
So back to the OP's question, what appears to be missing here? It seems
to me that "3 1 1" TLSA records are sufficient to allow self-signed
certificates to validate, indeed this is already quite common in TLS for
SMTP. The only known nit is that for an HTTP browser one needs to heed
a potential UKS issue, and so the advice in RFC7671 to ignore the
hostname in certificates validated via a TLSA "3 1 1" record is not
appropriate for "https" in browsers that support following remotely
supplied links, redirects, care about cross-origin issues, ...
In simpler protocols that just move data between a client and server,
the RFC7671 semantics for "3 1 1" records reduce the potential for
operator error (seen with low, but non-zero frequency for "2 1 1"
records, where some MX hosts now and then sport certificates that don't
match their names).
--
Viktor.
- [TLS] Trusting self-signed TLS certificates - spe… Ollie
- Re: [TLS] Trusting self-signed TLS certificates -… Eric Rescorla
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni
- Re: [TLS] Trusting self-signed TLS certificates -… Bas Westerbaan
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni
- Re: [TLS] Trusting self-signed TLS certificates -… Eric Rescorla
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni
- Re: [TLS] Trusting self-signed TLS certificates -… Bas Westerbaan
- Re: [TLS] Trusting self-signed TLS certificates -… Ollie
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni
- Re: [TLS] Trusting self-signed TLS certificates -… Bas Westerbaan
- Re: [TLS] Trusting self-signed TLS certificates -… Ollie
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni
- Re: [TLS] Trusting self-signed TLS certificates -… Bas Westerbaan
- Re: [TLS] Trusting self-signed TLS certificates -… Ollie
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni
- Re: [TLS] Trusting self-signed TLS certificates -… Ollie
- Re: [TLS] Trusting self-signed TLS certificates -… Viktor Dukhovni