On Wed, May 15, 2013 at 03:55:17PM +0000, Viktor Dukhovni wrote:
> Note, this "initial support", does not yet perform any verification
> based on TLSA records, it just adds a convenience TLSA RR lookup
> function that is conditional on libunbound. The application will
> need to call SSL_get_tlsa_record_byname() and then provide the output
> to the OpenSSL library via a control operation before the handshake.

A few more comments:

0. The TLSA lookup function does not check the "bogus" field, which is
documented as possibly set together with "secure", indicating a bogus
DNS reply (unbound still returns the data it seems) and lets the caller
decide. So the new TLSA lookup function is not safe.

1. The introduction of a dependency on libunbound is, I think, a mistake;
applications should obtain TLSA RRs via whatever library they see fit.
It is sufficient for OpenSSL to specify a suitable encoding of the
TLSA RRs to be passed to the verification routine.

2. The packed encoding chosen is rather unnatural. A data structure
would have been better than a packed array of lengths and data buffers.

    struct SSL_TLSA_DATA {
        size_t rrcount;             /* number of TLSA RRs */
        struct {
            size_t len;             /* length of this RR's data */
            unsigned char *data;    /* the RR's data buffer */
        } rrdata[1];
    };

I don't think Andy Polyakov reads this list. I'll forward him my
comments under separate cover.
--
Viktor.
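
The check that comment 0 says is missing, combined with a structured (not packed) view of each TLSA RR as in comment 2, written as an added example that is not code from this message or from the OpenSSL patch. `struct dns_answer`, `struct tlsa_rr` and `tlsa_accept()` are hypothetical names; `dns_answer` is a stand-in that assumes the same `secure`, `bogus`, `data` and `len` fields as libunbound's `struct ub_result`, so the example builds without the library.

```c
#include <stddef.h>

/* Stand-in for the libunbound result fields this check uses (assumption:
 * same names and meaning as in struct ub_result). */
struct dns_answer {
    int secure;            /* DNSSEC validation succeeded */
    int bogus;             /* validation failed; data may still be present */
    unsigned char **data;  /* NULL-terminated array of RDATA buffers */
    int *len;              /* length of each RDATA buffer */
};

/* Parsed view of one TLSA RR (RFC 6698 RDATA layout: usage, selector,
 * matching type, then the certificate association data). */
struct tlsa_rr {
    unsigned char usage, selector, mtype;
    const unsigned char *assoc;   /* points into the caller's RDATA buffer */
    size_t assoc_len;
};

/* Returns the number of usable TLSA RRs written to out (at most max),
 * or -1 when the answer must not be trusted at all. */
int tlsa_accept(const struct dns_answer *a, struct tlsa_rr *out, int max)
{
    int i, n = 0;

    /* Fail closed: "secure" alone is not enough if "bogus" is also set. */
    if (a == NULL || !a->secure || a->bogus || a->data == NULL || a->len == NULL)
        return -1;

    for (i = 0; a->data[i] != NULL && n < max; i++) {
        const unsigned char *p = a->data[i];
        size_t alen;

        if (a->len[i] < 4)              /* 3 header octets + non-empty data */
            continue;
        alen = (size_t)a->len[i] - 3;
        if (p[2] == 1 && alen != 32)    /* matching type 1: SHA-256 digest */
            continue;
        if (p[2] == 2 && alen != 64)    /* matching type 2: SHA-512 digest */
            continue;
        out[n].usage = p[0];
        out[n].selector = p[1];
        out[n].mtype = p[2];
        out[n].assoc = p + 3;
        out[n].assoc_len = alen;
        n++;
    }
    return n;
}
```

A return of -1 means the caller should treat the lookup as failed rather than fall back to the returned data; malformed individual RRs are skipped, not fatal.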