[Standards] Unsigned DANE records for TLS assertions

Dave Cridland dave at cridland.net
Tue Nov 26 12:20:21 UTC 2013


On Tue, Nov 26, 2013 at 12:04 PM, Tony Finch <dot at dotat.at> wrote:

> Dave Cridland <dave at cridland.net> wrote:
> >
> > What I'm wondering is whether an initiator could use the presence of a
> TLSA
> > record to decide not to consider falling back to XEP-0220. In other
> words,
> > whether a domain could use them to assert that it has a valid
> certificate.
>
> The DANE drafts that I produced (for mail protocols) specified that
> clients should expect the server to have a valid certificate and should
> not fall back to unauthenticated or unencrypted connections.
>

Right, but that would assume the records are signed, correct?

I'm vaguely trying to work out, too, the relationship between XEP-0220
(which relies on an unspoofed DNS to operate) and unsigned TLSA records.
If, instead of XEP-0220, we used unsigned DANE, would this work just as
(in)securely?

It's an interesting (to me) point, because going from unsigned TLSA to
either of signed TLSA (ie, proper DANE) or a CA-signed authoritative
certificate (ie, a proper cert) should be relatively smooth.

I suspect we still need to call back in the case of unsigned records and
self-signed certificates, because otherwise an attacker could spoof the DNS
and wouldn't need to stage a server. If they can stage a server and spoof
the DNS, then they can already spoof XEP-0220.

I do not know whether it's harder to spoof two co-related unsigned records
within the same zone, though.

I would note that an unsigned TLSA concept would implicitly mandate TLS -
as such, the right comparison is with XEP-0220 over TLS, rather than
"vanilla" XEP-0220.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/standards/attachments/20131126/1f61d959/attachment.html>


More information about the Standards mailing list