Re: [dane] #13: Server name check for certificate type 1
Martin Rex <mrex@sap.com> Wed, 09 November 2011 23:19 UTC
Return-Path: <mrex@sap.com>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0A70811E809A for <dane@ietfa.amsl.com>; Wed, 9 Nov 2011 15:19:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.106
X-Spam-Level:
X-Spam-Status: No, score=-10.106 tagged_above=-999 required=5 tests=[AWL=0.143, BAYES_00=-2.599, HELO_EQ_DE=0.35, RCVD_IN_DNSWL_HI=-8]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mWU8+Nl0PhcN for <dane@ietfa.amsl.com>; Wed, 9 Nov 2011 15:19:35 -0800 (PST)
Received: from smtpde01.sap-ag.de (smtpde01.sap-ag.de [155.56.68.170]) by ietfa.amsl.com (Postfix) with ESMTP id D9D1311E809C for <dane@ietf.org>; Wed, 9 Nov 2011 15:19:34 -0800 (PST)
Received: from mail.sap.corp by smtpde01.sap-ag.de (26) with ESMTP id pA9NJRfH015837 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Thu, 10 Nov 2011 00:19:27 +0100 (MET)
From: Martin Rex <mrex@sap.com>
Message-Id: <201111092319.pA9NJQwA007005@fs4113.wdf.sap.corp>
To: rbarnes@bbn.com
Date: Thu, 10 Nov 2011 00:19:26 +0100
In-Reply-To: <91EDC182-2CC8-4B57-B451-8354B973956D@bbn.com> from "Richard Barnes" at Nov 9, 11 05:52:39 pm
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 8bit
X-SAP: out
Cc: paul.hoffman@vpnc.org, dane@ietf.org
Subject: Re: [dane] #13: Server name check for certificate type 1
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: mrex@sap.com
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 09 Nov 2011 23:19:36 -0000
Richard Barnes wrote:
>
> >> I still disagree with this. Names are not considered at the
> >> DANE/PKIX/TLS layer -- only the application considers the name.
> >> This document should not place any constraints on what names should
> >> or should not be in certificates.
> >
> > I strongly disagree.
> >
> > Matching of DNS names is an integral part of the security architecture
> > of DANE, because the name is necessary in order to obtain the relevant
> > DANE records.
>
> I certainly agree. The choice of domain name is critical.
> Hence the suggestion at the bottom of my previous message,
> pasted here for your convenience:
>
> [...]
>
> That's the level at which we need to address domain names, not the
> content of the certificate.
Thinking about it, I might need to clarify and adjust my position about
"PKIX validation" being unrelated to "server endpoint identification".
While technically independent, there are certainly assumptions made
on the part of the issuing CA and on the part of PKIX (at least those
who still believe that Name Constraints are not a complete failure).
If we allow skipping of the traditional server endpoint identification
for type 1 certificates, then we would be actively creating new
security problems and nullify the security value of commercial
SSL certificates and the RA process behind it for TLS clients that
implement DANE.
Picture this:
- a TLS client with the intention to connect to
https://www.higlytrustedbank.x-z-z
- being MiTMed by an attacker, who is in posession of
a real server cert for https://www.realbadguy.x-y-y
from a commercial CA.
If we specify that traditional server endpoint matching is to
be skipped when a DANE TLSA record for a type 1 certificate
with a completely different server name exists, then we're
completely subverting the original TLS X.509 PKI trust model
for TLS clients that implement DANE.
Personally, I really do _not_ like that idea. DANE adds value
when both checks are performed. Doing the orginial (PKIX-based)
server endpoint identification only half-assed IMHO renders
the type 1 certificates useless.
-Martin
- Re: [dane] #13: Server name check for certificate… dane issue tracker
- Re: [dane] #13: Server name check for certificate… Zack Weinberg
- Re: [dane] #13: Server name check for certificate… Paul Hoffman
- Re: [dane] #13: Server name check for certificate… Richard Barnes
- Re: [dane] #13: Server name check for certificate… Paul Wouters
- Re: [dane] #13: Server name check for certificate… Zack Weinberg
- Re: [dane] #13: Server name check for certificate… Paul Hoffman
- Re: [dane] #13: Server name check for certificate… Paul Hoffman
- Re: [dane] #13: Server name check for certificate… Zack Weinberg
- Re: [dane] #13: Server name check for certificate… Martin Rex
- Re: [dane] #13: Hostnames in Certificates (was: S… dane issue tracker
- Re: [dane] #13: Server name check for certificate… Richard Barnes
- Re: [dane] #13: Server name check for certificate… Martin Rex
- Re: [dane] #13: Server name check for certificate… Richard Barnes
- Re: [dane] #13: Server name check for certificate… Martin Rex
- Re: [dane] #13: Server name check for certificate… Richard Barnes
- Re: [dane] #13: Server name check for certificate… Warren Kumari
- Re: [dane] #13: Hostnames in Certificates dane issue tracker