[Cryptography] At what point should people not use TLS?

Francisco Corella fcorella at pomcor.com
Sun Apr 17 12:43:25 EDT 2016


> On Apr 16, 2016, at 4:48 PM, Tony Arcieri <bascule at gmail.com> wrote:
> 
> While I'm not really a fan of DNSSEC, DANE TLSA records can contain a Domain-Issued Certificate where the entire certificate is provided in and authenticated via a DNS response.
> 

A DANE TLS record may contain a certificate, but it may also contain
a hash, to be matched against the certificate provided by the TLS
server.  And section 10.1 of RFC 7671 <https://tools.ietf.org/html/rfc7671> recommends storing a hash in the
record rather than a certificate, precisely because DNS may have
trouble delivering even a single certificate due to the large size of
a certificate.  (The RFC refers to UDP fragmentation, and to firewalls
not allowing the use of DNS over TCP rather than UDP.)  Delivering a
certificate chain with multiple certificates would be even more
problematic.

By the way, while DANE requires DNSSEC, the paper does not.  Using
plain DNS is all that's needed to achieve zero round-trips.  And even
plain DNS provides a substantial security benefit, as briefly
discussed in section IV of the paper <https://pomcor.com/techreports/M2MSec14.pdf>.

Francisco
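
The size difference described above between a TLSA record carrying a full certificate and one carrying a hash, together with the match a TLS client performs against the presented certificate, as an added example that is not part of the original message. It handles only selector 0 (full certificate) with the RFC 6698 matching types 0, 1 and 2; the certificate bytes are a constructed stand-in and certificate usage 3 is chosen for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for a DER certificate (1280 bytes); not a real certificate.
SAMPLE_CERT = bytes(range(256)) * 5

# TLSA matching types (RFC 6698): 0 = full data, 1 = SHA-256, 2 = SHA-512.
_DIGESTS = {1: hashlib.sha256, 2: hashlib.sha512}


def tlsa_rdata(usage: int, selector: int, mtype: int, cert_der: bytes) -> bytes:
    """Build TLSA RDATA: usage | selector | matching type | association data."""
    if selector != 0:
        raise ValueError("this example handles selector 0 (full certificate) only")
    if mtype == 0:
        data = cert_der                       # whole certificate goes into DNS
    elif mtype in _DIGESTS:
        data = _DIGESTS[mtype](cert_der).digest()
    else:
        raise ValueError(f"unknown matching type {mtype}")
    return bytes([usage, selector, mtype]) + data


def tlsa_matches(rdata: bytes, presented_der: bytes) -> bool:
    """Check the certificate a TLS server presented against one TLSA record."""
    if len(rdata) < 4:
        return False
    usage, selector, mtype = rdata[0], rdata[1], rdata[2]
    if selector != 0 or mtype not in (0, 1, 2):
        return False                          # fail closed on unsupported fields
    expected = tlsa_rdata(usage, selector, mtype, presented_der)
    return hmac.compare_digest(expected, rdata)


def record_sizes(cert_der: bytes = SAMPLE_CERT) -> dict:
    """RDATA length in bytes for each matching type, keyed by presentation form."""
    return {f"3 0 {m}": len(tlsa_rdata(3, 0, m, cert_der)) for m in (0, 1, 2)}


if __name__ == "__main__":
    for fields, size in record_sizes().items():
        print(f"TLSA {fields}: {size} bytes of RDATA")
```

The hash records stay at 35 or 67 bytes of RDATA whatever the certificate size, while the full-certificate record grows with the certificate.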