[Standards] Unsigned DANE records for TLS assertions

Peter Saint-Andre stpeter at stpeter.im
Wed Dec 4 08:57:06 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/26/13 5:20 AM, Dave Cridland wrote:
> On Tue, Nov 26, 2013 at 12:04 PM, Tony Finch <dot at dotat.at 
> <mailto:dot at dotat.at>> wrote:
> 
> Dave Cridland <dave at cridland.net <mailto:dave at cridland.net>>
> wrote:
>> 
>> What I'm wondering is whether an initiator could use the
>> presence
> of a TLSA
>> record to decide not to consider falling back to XEP-0220. In
> other words,
>> whether a domain could use them to assert that it has a valid
> certificate.
> 
> The DANE drafts that I produced (for mail protocols) specified
> that clients should expect the server to have a valid certificate
> and should not fall back to unauthenticated or unencrypted
> connections.
> 
> 
> Right, but that would assume the records are signed, correct?
> 
> I'm vaguely trying to work out, too, the relationship between
> XEP-0220 (which relies on an unspoofed DNS to operate) and unsigned
> TLSA records. If, instead of XEP-0220, we used unsigned DANE, would
> this work just as (in)securely?

Why "instead of"? It seems that we have dialback and will have it
forever, so why not build upon it and make it more secure via DNSSEC
and TLSA records? That's what Matt Miller and I have been pursuing in
draft-ietf-xmpp-dna.

> It's an interesting (to me) point, because going from unsigned TLSA
> to either of signed TLSA (ie, proper DANE) or a CA-signed
> authoritative certificate (ie, a proper cert) should be relatively
> smooth.
> 
> I suspect we still need to call back in the case of unsigned
> records and self-signed certificates,

Or something like anonymous DH?

> because otherwise an attacker could spoof the DNS and wouldn't need
> to stage a server. If they can stage a server and spoof the DNS,
> then they can already spoof XEP-0220.

Correct.

> I do not know whether it's harder to spoof two co-related unsigned 
> records within the same zone, though.
> 
> I would note that an unsigned TLSA concept would implicitly mandate
> TLS - as such, the right comparison is with XEP-0220 over TLS,
> rather than "vanilla" XEP-0220.

I'd be curious to hear what Tony or other DNS experts have to say.

Peter

- -- 
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSnu5iAAoJEOoGpJErxa2pUYgP/2UecxbvfqL5RxJ3wv1/2Qr2
ORSBCArn6NHt/tWG7QgahpPNVT0UzAec4etxWz9Z8rPlmeOSgQK7b+Zohbzg+RqH
g1agulb4KYxd/kFZzQiiYfIk4yaYhJzzpS15//w0cjm3SeBFpoC+/063dDPKZKNF
bGcdEWfBuF/rhpWiojwbfbcDtCWHIBo3safS6z6ouxdQCQoXdnO/SWcKQ/4YIFTw
qVY7tVW3VawF5WtciB9fWAErKC902JZp+eCQcfTBa8zpy+g2/4oKUfE6bJX+3Zjc
MvLoe8o5RTGgsNNZkZ9/4LDmEFn6of/OKGAYjPCnCTb/Ho456BOxurTHg8Pe+fCj
o0JMQPl6+ucuoyDVcoa4h9NjRX3QprPeJHu1twP/Pvvl3Mef6xaDMbXKxm8aOLVf
fIYccIVGbnTN/EwYnjD8ISmavWjJGYduOnJPptz1FtkZ1GmLndSGLK0jeUQZK64X
XvcXrZrRUYCMELL/uNQBVkI94r8MqKUPsL/pWPLCYeBkQitswr471RQ4jjcW/B4G
Kdxg1f/VuI27K3NpVmYBs8ieiVV0xmE6MCIU9FP+10CP3lUucpXqALfCcX3vtZdY
4zqFRA26q2nolGXA83/0c8XSGNwcxRMt8M0Sa/tCFNsYM/ogZ25FeRsPNtriMrFC
CbbAPfTQc63LAyw15OpO
=TWjo
-----END PGP SIGNATURE-----



More information about the Standards mailing list