On Fri, Feb 21, 2014 at 03:19:10PM -0500, Stephen Nightingale wrote:
> It is now possible to test from both TLSlite based and GnuTLS based
> clients.
The GnuTLS DANE implementation does not implement DANE-TA(2) or
correctly. It may also IIRC not do PKIX-TA(0) right either. The
issue is that the TA is incorrectly constrained to be the immediate
issuer of the leaf certificate. There may be other problems, I
did not perform a comprehensive code review.
So results from GnuTLS DANE verification can be misleading.
> A golden, canonical CA list would be nice to find. But I guess that its
> non-universal availability is one of the problems of the CA system
> that DANE is aiming squarely at.
There is no such beast. A form of Goedel's incompleteness theorem
applies: any list of CAs is either incomplete or untrustworthy (or
both).
> The differences between TLSlite and GnuTLS clients highlight the
> fact that there are unresolved interoperability issues among TLS
> implementations.
Default configurations of GnuTLS typically enforce unreasonable
minimum sizes on EDH primes. Applications have to work around
these with policy overrides.
> I look forward to seeing the newly upgraded OpenSSL
> client with added DANE. It is quite possible that as an interim step
> before its appearance I will add this DANE-in-the-App implementation
> to pyOpenSSL and/or Twisted.
Such a project should not be undertaken lightly, it is too easy to
get it wrong.
> If you find any glaring errors, I will be embarrassed but thankful.
> If you find any subtle errors I will be impressed and thankful.
A code review is required to rule out subtle errors, glaring errors
may show up in tests if the test bed is sufficiently comprehensive.
--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
