Viktor Dukhovni wrote: >> >> Defective implementations excepted, the TLS protocol engine will >> look at the KeyUsage attribute of the Server certificate and check >> the cipher suite selection for compatibility -- and the application >> call will NOT have a say in this. > > You seem to be wedded to the idea that DANE support will be in > application code and not in "TLS engine code".
That isn't my idea, that is a fundamental part of the architecture of TLS, described in every existing TLS specification at the end of section 1, Introduction. http://tools.ietf.org/html/rfc2246#page-4 The TLS standard, however, does not specify how protocols add security with TLS; the decisions on how to initiate TLS handshaking and how to interpret the authentication certificates exchanged are left up to the judgment of the designers and implementors of protocols which run on top of TLS. > > Having actually implemented a complete DANE verifier, I can assure > you that there will be very few applications indeed that attempt > to do this. We know painfully well just how poor apps are in doing certificate verification: "The most dangerous Code in the World" http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf A number of TLS protocol implementations come with utility functions to make the task easier for applications to consume TLS. The model how server endpoint identites are checked in HTTP-over-TLS, as described in rfc2818, is a matter of the application from the TLS protocol perspective. Leaving the checking of certificates entirely to applications is what leads to the problem described in above paper. The situation with DANE is very much alike. DANE does not change anything about how TLS works, it only changes how applications make use (including certificate (parh) validation) of the certificates exchanged within the TLS protocol. It is likely that TLS implementation will add support for DANE to the the set of utility functions that are supposed to facilitate consumption of TLS for applications. DANE is *NOT* part of TLS, and it will be the task of application to actually have the checks performed. -Martin _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
