On Thu, Aug 07, 2014 at 03:03:26PM +0000, Viktor Dukhovni wrote:
- You seem to want to ensure that opportunistic security should
avoid defending against active attacks,
[Here "you" == Stephen K.]
That's my take on Stephen's position. IIRC it derived from wanting no
UI impact from OS. But DANE lets you securely discover that you can
authenticate a service, authenticate it, and success/failure *is* the
*only* UI needed in that case -- a UI that already exists.
I.e., OS w/ DANE has no UI impact, and you can't fallback on
unauthenticated encryption when the service can be authenticated. OS w/
DANE has no downgrade attacks.
The only ways to make OS w/ DANE fail are: compromise a DNS registrar in
the chain, compromise the service, compromise the crypto, or DoS.
Heck, OS w/ TOFU/pinning has similar properties once the peer's keys are
learned/pinned (and with all the security considerations of
TOFU/pinning). DANE isn't the only option, but DNSSEC's secure NXDOMAIN
functionality makes DANE >> TOFU/pinning.
Therefore OS can provide more than unauthenticated encryption in some
cases.
Nico
--