[ Note, I've read only the changes from -08, not the whole document. ]

Section 3.4 (Impact on TLS Usage) second bullet:

  Revert change from -08 to -09.  The -08 language:

    If the TLSA response is "insecure", then the client SHALL proceed ...

  was correct; the -09 language opens the door to downgrade attacks:

    If the TLSA lookup fails, then the client SHALL proceed as if the ... 

Section 3.1 (SRV Query):

  Quote:

    If the lookup result is "insecure" (or no SRV records are located),
    this protocol does not apply and the client SHOULD fall back to its
    non-DNSSEC, non-DANE (and possibly non-SRV) behavior.  If the SRV
    lookup fails because the RRset is "bogus", the client MUST abort its
    attempt to connect to the desired service.

  Note that *any* SRV lookup error, not just "bogus", needs to
  trigger connection failure.  Timeout, SERVFAIL, ... all of these
  are potential downgrade attacks.  Here, error is in the sense of
  section 2.1.1 of the SMTP draft (NXDOMAIN either "secure" or
  "insecure" is NOT an error).

  In light of that, the parenthetical comment "(or no SRV records
  are located)" should perhaps be made more precise.

    (or the lookup result is a denial of existence, whether "secure" or
     "insecure", but is not a lookup error)

  Also, please update your xml2rfc reference cache; the SMTP draft
  reference should be to version 13.

-- 
        Viktor.

_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane
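
The distinction the message above draws between a lookup error and an "insecure" or denial-of-existence answer, as an added example that is not part of the original message or of the draft. The `Result` container, the enum names and the treatment of NODATA as a denial of existence are assumptions made for illustration; no real resolver API is used.

```python
from enum import Enum
from typing import NamedTuple, Optional

class Outcome(Enum):
    RECORDS = "records"      # an RRset was returned
    NXDOMAIN = "nxdomain"    # denial of existence: no such name
    NODATA = "nodata"        # denial of existence: no RRset of this type (assumed)
    SERVFAIL = "servfail"
    TIMEOUT = "timeout"

class Status(Enum):          # DNSSEC validation status of the answer
    SECURE = "secure"
    INSECURE = "insecure"
    BOGUS = "bogus"

class Result(NamedTuple):    # hypothetical container, not a resolver API
    outcome: Outcome
    status: Optional[Status]  # None when nothing came back to validate

class Action(Enum):
    CONTINUE = "secure SRV RRset: go on to the TLSA lookups"
    FALL_BACK = "protocol does not apply: non-DNSSEC, non-DANE behaviour"
    ABORT = "do not connect"

DENIAL = {Outcome.NXDOMAIN, Outcome.NODATA}

def is_lookup_error(r: Result) -> bool:
    """Denial of existence, "secure" or "insecure", is NOT an error."""
    if r.status is Status.BOGUS or r.status is None:
        return True
    return r.outcome in (Outcome.SERVFAIL, Outcome.TIMEOUT)

def srv_action(r: Result) -> Action:
    """Section 3.1 decision with every lookup error treated as fatal."""
    if is_lookup_error(r):   # bogus, timeout, SERVFAIL, ...
        return Action.ABORT
    if r.status is Status.INSECURE or r.outcome in DENIAL:
        return Action.FALL_BACK
    return Action.CONTINUE

def tlsa_is_insecure(r: Result) -> bool:
    """True only for a validated "insecure" answer (the -08 condition).
    A failed lookup never qualifies, so forcing errors cannot downgrade."""
    return not is_lookup_error(r) and r.status is Status.INSECURE
```
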
