[Standards] Unsigned DANE records for TLS assertions

Dave Cridland dave at cridland.net
Fri Nov 22 10:07:51 UTC 2013


[09:54:03] Kev: So explicit whitelisting isn't quite what we have now, it's
true.
[09:55:58] dwd: I'm wondering if just a DNS record might help. Not mad keen
on filling DNS with rubbish, mind.
[09:56:27] Kev: dnssec-signed, presumably.
[09:57:28] dwd: The case where an attacker removes the DNS record leaves us
in the same situation as we're in now, though, so while DNSSEC feels
desirable, I think an unsigned record would still be useful.
[09:58:09] Kev: Yes.
[09:58:18] Kev: I don't see a problem with getting this deployed by the new
year :)
[09:58:53] dwd: Hmmm... Actually we could use unsigned DANE records for
this.

So, following on from what I posted on operators@, if DANE records were
published, then servers might choose to honour some DANE records (I'm
thinking types 0/1, perhaps) as indicating there should be no fallback -
even if the DANE records are not signed.

The security impact is:

 - If an attacker removes the record by fiddling with the DNS, then they
can mount an MITM attack. Note that they can also fiddle the DNS into
redirecting the connection too. It's not clear if this makes things any
harder than before.

 - If an attacker adds in a TLSA record, this could act as a denial of
service.

On reflection, I'm not sure if this is actually an overall benefit, but I
thought I'd throw the idea out.

Dave.
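The policy sketched in the post can be made concrete. The block below is an added example, not code from the post or from any XMPP server: it parses TLSA records in their zone-file form (RFC 6698 fields: certificate usage, selector, matching type, association data), treats the presence of any usage 0/1 record as "no fallback" regardless of DNSSEC status, and then walks the two scenarios in the security-impact list. The certificate and SPKI bytes are constructed stand-ins, not real DER, and the reading of "types 0/1" as the certificate-usage field is an assumption.

```python
"""Added example: a no-fallback TLS policy driven by (possibly unsigned) TLSA
records, following the proposal above. Certificate bytes are constructed
stand-ins, not real ASN.1 DER."""
import hashlib
from dataclasses import dataclass
from typing import Iterable


@dataclass(frozen=True)
class TLSA:
    usage: int     # certificate usage: 0 PKIX-TA, 1 PKIX-EE, 2 DANE-TA, 3 DANE-EE
    selector: int  # 0 = full certificate, 1 = SubjectPublicKeyInfo
    mtype: int     # matching type: 0 = exact, 1 = SHA-256, 2 = SHA-512
    data: bytes    # certificate association data


def parse_tlsa(presentation: str) -> TLSA:
    """Parse the zone-file form '<usage> <selector> <mtype> <hex>'."""
    usage, selector, mtype, hexdata = presentation.split(None, 3)
    return TLSA(int(usage), int(selector), int(mtype),
                bytes.fromhex(hexdata.replace(" ", "")))


def association_matches(rec: TLSA, cert_der: bytes, spki_der: bytes) -> bool:
    """Compare the record's association data against the presented certificate."""
    target = cert_der if rec.selector == 0 else spki_der
    if rec.mtype == 0:
        return rec.data == target
    if rec.mtype == 1:
        return rec.data == hashlib.sha256(target).digest()
    if rec.mtype == 2:
        return rec.data == hashlib.sha512(target).digest()
    return False  # unknown matching type: treat as non-matching


# Assumption from the post: only usages 0/1 are honoured when unsigned.
HONOURED_USAGES = (0, 1)


def decide(records: Iterable[TLSA], cert_der: bytes, spki_der: bytes,
           pkix_valid: bool) -> str:
    """Return one of:
      'fallback-allowed'  no honoured TLSA record: today's opportunistic behaviour
      'connect'           an honoured record matches and PKIX validation passed
      'abort'             honoured records exist but none match: fail closed
    DNSSEC validation status is deliberately not consulted, per the proposal."""
    honoured = [r for r in records if r.usage in HONOURED_USAGES]
    if not honoured:
        return "fallback-allowed"
    for rec in honoured:
        # Usages 0 and 1 constrain an otherwise PKIX-valid chain (RFC 6698 s2.1.1).
        if pkix_valid and association_matches(rec, cert_der, spki_der):
            return "connect"
    return "abort"


# Constructed stand-ins for the server's DER certificate and its SPKI.
SERVER_CERT = b"constructed-cert-der:xmpp.example.net"
SERVER_SPKI = b"constructed-spki-der:xmpp.example.net"


def legitimate_record() -> TLSA:
    """Usage 1 (PKIX-EE), selector 0 (full cert), matching type 1 (SHA-256)."""
    return parse_tlsa("1 0 1 " + hashlib.sha256(SERVER_CERT).hexdigest())


def scenario_normal() -> str:
    return decide([legitimate_record()], SERVER_CERT, SERVER_SPKI, pkix_valid=True)


def scenario_record_removed() -> str:
    # First bullet: the attacker strips the TLSA answer, so the client has no
    # signal and falls back exactly as it would today.
    return decide([], b"attacker-cert", b"attacker-spki", pkix_valid=False)


def scenario_record_injected() -> str:
    # Second bullet: a bogus association matches no certificate, so every
    # connection is refused (denial of service).
    bogus = parse_tlsa("1 0 1 " + "00" * 32)
    return decide([bogus], SERVER_CERT, SERVER_SPKI, pkix_valid=True)


def scenario_redirect_with_record_present() -> str:
    # The DNS redirect succeeds but the real record survives: the substituted
    # certificate does not match the association, so the client aborts.
    return decide([legitimate_record()], b"attacker-cert", b"attacker-spki",
                  pkix_valid=True)


if __name__ == "__main__":
    for name in ("scenario_normal", "scenario_record_removed",
                 "scenario_record_injected", "scenario_redirect_with_record_present"):
        print(f"{name}: {globals()[name]()}")
```

The four scenario functions are the post's analysis in executable form: removing the record reduces the client to today's behaviour, injecting one fails every connection closed, and only the case where the record survives a redirect is strictly better than the status quo.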