On Wed, Mar 20, 2013 at 09:37:32PM +0000, Viktor Dukhovni wrote:
> With certificate usage 0/2, if the server certificate from the TLS
> handshake is in fact the trust anchor itself, rather than something
> else signed (perhaps indirectly) via the trust anchor, is that OK?
>
> Should a DANE client accept the chain? Should it still apply name
> checks? I wasn't able to divine an answer from RFC 5280 (PKIX).
>
> At the moment, I am not treating depth zero specially, so a trust
> anchor's own certificate is accepted and in that case required to
> match the MX domain or validated MX hostname.
Ah yes, this issue spawned a lengthy discussion a little over a year ago. The discussion starts here:

https://www.ietf.org/mail-archive/web/dane/current/msg03997.html

The direct answer to your question might be this email here:

https://www.ietf.org/mail-archive/web/dane/current/msg04196.html

but it's hard to say if it does or not. Exactly how to handle the chain in a spec-compliant way depends on specifics of the server's certificate and the TA and your email doesn't really specify those details. Take a look at the above links, I think you'll see what I mean.

In the end, client-side inconsistency on this point was one of the drivers for us defining usage 3 (while some clients would allow it, others would not, so a case that a TLSA publisher could rely on to work the way they want was needed).

HTH

--
Scott Schmit
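An added illustration of the client-side inconsistency described in the reply above; this is example code, not code from the thread or from any DANE implementation. It models TLSA matching for usages 2 and 3 only, with a policy knob for the depth-zero case (server presents the trust anchor's own certificate), and assumes constructed certificate bytes and a precomputed name-check result instead of real X.509 parsing.

```python
import hashlib

# Constructed stand-ins for DER-encoded certificates (not real X.509).
TA_CERT = b"constructed-trust-anchor-der"
LEAF_CERT = b"constructed-mx-leaf-der"


def sha256_record(usage, cert):
    """Build a TLSA record tuple (usage, selector, matching type, data)
    with selector 0 (full certificate) and matching type 1 (SHA-256),
    the RFC 6698 code points."""
    return (usage, 0, 1, hashlib.sha256(cert).digest())


def tlsa_matches(record, cert):
    """Compare one certificate against a TLSA record (selector 0 only)."""
    usage, selector, mtype, data = record
    if selector != 0:
        raise ValueError("example supports selector 0 (full certificate) only")
    if mtype == 0:
        return cert == data                          # exact bytes
    if mtype == 1:
        return hashlib.sha256(cert).digest() == data  # SHA-256 of the cert
    raise ValueError("unsupported matching type")


def dane_accepts(record, chain, name_ok, ta_may_be_leaf):
    """Decide whether the peer is accepted. `chain` is leaf-first.

    usage 3 (DANE-EE): the leaf itself must match; no chain building and
      no name check (as RFC 7671 section 5.1 later spelled out).
    usage 2 (DANE-TA): some certificate in the chain must match and name
      checks still apply. Whether a match at depth 0 (the leaf *is* the
      trust anchor) counts is exactly the policy the thread says clients
      disagreed on; `ta_may_be_leaf` models that choice.
    """
    usage = record[0]
    if usage == 3:
        return tlsa_matches(record, chain[0])
    if usage == 2:
        for depth, cert in enumerate(chain):
            if tlsa_matches(record, cert):
                if depth == 0 and not ta_may_be_leaf:
                    return False  # strict client: TA must issue, not be, the leaf
                return name_ok
        return False
    raise ValueError("usages 0 and 1 need PKIX validation; not modelled here")
```

Running the same usage 2 record against a server that presents the trust anchor itself gives different answers depending on `ta_may_be_leaf`, while the usage 3 record on that certificate is accepted either way.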
dane mailing list: https://www.ietf.org/mailman/listinfo/dane
