ietf-smtp

Re: draft-fanf-dane-smtp

2012-05-30 16:58:24

Mark Andrews wrote:

My question is:

If the client has to be modified to do this extra TLSA check, then why not just add logic to do a CA 3rd party repository? Or support OCSP (Online Certificate Status Protocol) RFC2560?

OCSP is for when the CA knows the CERT is compromised.
TLSA, mode X, is to detect mis-issued CERT by some CA.

Different threat models.

OCSP is sometimes unreachable even when you have the address and CERT.
TLSA records will almost always be available if you can retrieve the address
as they live below the address in the DNS and are usually in the same zone.

Different failure models.

Yes, but it's always been used for whatever the CA responds with and whatever the client decides to do as a negative response, but as the modus operandi has been, a positive response has "trust value." I've seen it used in cases where a browser check provides a perfect SSL resolution, but with modern browsers having OCSP enabled now, it will provide a failure/security notification to the user. In the case I recall, a big national chain store purchased a set of wildcard domains, then wanted to add more the same day, and there was a revocation issue that failed when OCSP was enabled.

So I guess that all falls under a "compromise" threat/failure window.

When change is proposed, then it has to have a payoff. A client trusting a self-signed signature is going to be pre-defined or pre-arranged or known upfront.

TLSA, mode Y, allows you to trust the self signed CERT by providing
a verifiable secure chain of trust back to a DNS trust anchor rather
than a CA trust anchor.


Thanks for your comments.

At best, this proposal offers an easier protocol. But it's not ready for prime time until the DNS servers better support unnamed types and across the OS platform board.

I think we would like an SMTP/TLS model where clients support/service the CA market, in the same way Browsers do for SSL/TLS certificates. I can see an SMTP Server Extension that offers service keywords for the level of enforcement. This may answer one of the lingering questions the DANE-SMTP draft states: that the server has no way to know the client has looked up a TLSA record.


--
HLS
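The thread's point about trusting a self-signed CERT through a DNS trust anchor rather than a CA trust anchor is what RFC 6698 calls a TLSA record with certificate usage 3 (DANE-EE). The following is an added example, not code from the thread or from the draft, showing how such a record is derived from a certificate (selector 0 = full cert, selector 1 = SubjectPublicKeyInfo; matching type 0/1/2 = exact/SHA-256/SHA-512) and how an SMTP client would check the certificate a server presents against it. The certificate is a constructed, structurally valid DER skeleton rather than a real signed certificate, the host name mail.example.com is an assumption, and the check deliberately refuses usages 0 and 2, which need full chain validation that this example does not perform.

```python
"""Added example (not from the thread): build and check DANE TLSA records
(RFC 6698) for an SMTP server certificate, using only the standard library.
The certificate is a constructed DER skeleton, not a real signed certificate,
and the host name used below is an assumption."""
import hashlib


# --- tiny DER helpers: just enough to build and walk an X.509 skeleton ---
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def _seq(*items):
    return _tlv(0x30, b"".join(items))


def _read(buf, pos=0):
    """Return (tag, body, end) for the definite-length TLV at buf[pos]."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:                      # long-form length
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln


def _children(body):
    """Split a constructed body into (tag, full_tlv) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, _, end = _read(body, pos)
        out.append((tag, body[pos:end]))
        pos = end
    return out


def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo (TLSA selector 1) of a certificate."""
    tag, cert_body, _ = _read(cert_der)
    if tag != 0x30:
        raise ValueError("certificate is not a SEQUENCE")
    _, tbs_body, _ = _read(_children(cert_body)[0][1])   # tbsCertificate
    fields = _children(tbs_body)
    if fields[0][0] == 0xA0:           # optional EXPLICIT [0] version
        fields = fields[1:]
    # serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo
    return fields[5][1]


def tlsa_assoc_data(cert_der, selector, matching_type):
    """Certificate Association Data for the given selector / matching type."""
    data = cert_der if selector == 0 else extract_spki(cert_der)
    if matching_type == 0:
        return data
    if matching_type == 1:
        return hashlib.sha256(data).digest()
    if matching_type == 2:
        return hashlib.sha512(data).digest()
    raise ValueError("unknown matching type %r" % matching_type)


def tlsa_record(host, cert_der, usage=3, selector=1, matching_type=1, port=25):
    """Presentation-format TLSA record for an SMTP server on `port`."""
    assoc = tlsa_assoc_data(cert_der, selector, matching_type).hex()
    return f"_{port}._tcp.{host}. IN TLSA {usage} {selector} {matching_type} {assoc}"


def tlsa_matches(rdata, cert_der):
    """Check a presented end-entity cert against TLSA RDATA like "3 1 1 <hex>".
    Only usages 1 and 3 (end-entity) are decided here; usages 0 and 2 need the
    full chain plus PKIX / trust-anchor validation, which this example omits."""
    usage, selector, mtype, assoc = rdata.split()
    usage, selector, mtype = int(usage), int(selector), int(mtype)
    if usage not in (1, 3):
        raise NotImplementedError("usage %d needs chain validation" % usage)
    return tlsa_assoc_data(cert_der, selector, mtype) == bytes.fromhex(assoc)


# --- constructed test data: DER skeleton of a self-signed certificate ---
def constructed_cert(key_bytes, with_version=True):
    # rsaEncryption OID + NULL parameters; issuer/validity/subject are empty placeholders
    alg = _seq(_tlv(0x06, bytes.fromhex("2a864886f70d010101")), _tlv(0x05, b""))
    spki = _seq(alg, _tlv(0x03, b"\x00" + key_bytes))
    tbs = ([_tlv(0xA0, _tlv(0x02, b"\x02"))] if with_version else []) + [
        _tlv(0x02, b"\x01\x00"),       # serialNumber (placeholder)
        alg, _seq(), _seq(), _seq(),   # signature, issuer, validity, subject
        spki,
    ]
    return _seq(_seq(*tbs), alg, _tlv(0x03, b"\x00" * 9))   # placeholder signature


CERT = constructed_cert(b"\x30\x06\x02\x01\x03\x02\x01\x03")   # placeholder key
OTHER = constructed_cert(b"\x30\x06\x02\x01\x05\x02\x01\x03")  # a different key

if __name__ == "__main__":
    rr = tlsa_record("mail.example.com", CERT)   # host name is an assumption
    print(rr)
    rdata = rr.split(" IN TLSA ")[1]
    print("presented cert matches:", tlsa_matches(rdata, CERT))
    print("other cert matches:   ", tlsa_matches(rdata, OTHER))
```

Publishing "3 1 1" (SPKI, SHA-256) rather than "3 0 1" is the usual choice for the case discussed above: the key hash survives a certificate renewal as long as the key is kept, so the DNS record and the certificate do not have to change on the same day. Note that the DNS lookup itself is not in this block; the trust argument in the thread depends on the TLSA answer being DNSSEC-validated (AD bit from a validating resolver), and a client that skips that step has gained nothing over a plain certificate pin.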

