Postfix DANE support for Certificate Usage = 0/1?
Viktor Dukhovni
ietf-dane at dukhovni.org
Sun Mar 1 21:40:23 CET 2015
On Sun, Mar 01, 2015 at 08:37:04PM +0100, Michael Str?der wrote:
> Viktor Dukhovni wrote:
>
> > The two models coexist seamlessly, and many existing DANE SMTP
> > sites use certificates from a public CA.
>
> But you switch off X.509 validation if DANE is used.
Because server-signalled mandatory use of (some unspecified set
of) public CA trust-anchors can only reduce interoperability and
cannot contribute to security.
> I'd like to see DNSSEC/DANE/TLSA as an *additional* mechanism but still
> requiring X.509 validation to be fully performed. With this multiple trust
> anchors would be effective which is IMO the real solution.
This is sloppy wishful thinking. You've not considered the security
model carefully enough. It would sure be nice if using both gave
you more security and reduced the chance of failure. Unfortunately,
this would give you no additional security and would needlessly
increase the chance of failure.
Since a compromise of DNS would allow the attacker to publish
DANE-EE(3) records of his choice, the "requirement" to "harden"
DANE with (some unspecified set of) public CAs is subject to a
trivial DNS-only downgrade. So the security of this reduces to
the security of DANE without the (unspecified) public CAs.
On the other hand, including the requirement to also use said CAs
introduces significant opportunities for authentication to fail
because the client does not have the server's chosen root CA in
its trusted CA list, or the client has difficultly building the
trust path for various reasons. There is no user to "click OK" in
MTA-to-MTA SMTP when the Web PKI fails (as it does too frequently).
--
Viktor.
More information about the dane-users
mailing list