On Wed, May 15, 2013 at 09:19:39PM +0200, Andy Polyakov wrote:
> >> 0. The TLSA lookup function does not check the "bogus" field, which is
> >> documented as possibly set together with "secure", indicating a bogus
> >> DNS reply (unbound still returns the data it seems) and lets the caller
> >> decide. So the new TLSA lookup function is not safe.
> >
> >OK.
>
> Or? The manual page says that if both are zero, then there is no security
> for the domain. It says nothing about both being set to 1. And the example
> at unbound.net suggests that they can't be set together:
>
> if(result->secure)
>     printf("Result is secure\n");
> else if(result->bogus)

Yes, it seems I did not find a sufficiently clear reference in my
quick search for ub_resolve() documentation. The "secure" bit
precludes bogus.

When you're implementing the verification code for TLSA RRs, we
should talk. I have a working implementation via the verify
callback, and have spent a bunch of time thinking through some of
the more subtle issues.

You can look at tls_verify_certificate_callback() in:
https://github.com/vdukhovni/postfix/blob/20130405-nonprod/postfix/src/tls/tls_verify.c
--
Viktor.
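The decision the thread is arguing about, written out as an added example (not code from the thread, from unbound or from Postfix): classify a TLSA lookup result from the DNSSEC status bits, checking "bogus" before "secure" so the outcome does not depend on the resolver guaranteeing that the two bits are mutually exclusive. The struct is a constructed stand-in that mirrors the ub_result fields the decision needs (secure, bogus, havedata, why_bogus), so the example builds without libunbound.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-in for the ub_result fields the decision depends on
 * (so this builds without libunbound). */
struct tlsa_lookup {
    int secure;             /* 1 if the answer was DNSSEC-validated */
    int bogus;              /* 1 if validation failed (data may still be present) */
    int havedata;           /* 1 if the answer carries TLSA RRs */
    const char *why_bogus;  /* human-readable reason when bogus, else NULL */
};

enum tlsa_disposition {
    TLSA_USE,            /* validated TLSA data: enforce DANE on this connection */
    TLSA_NONE_SECURE,    /* validated absence of TLSA: authenticated "no DANE" */
    TLSA_NONE_INSECURE,  /* unsigned zone: any TLSA data must be ignored */
    TLSA_FAIL            /* bogus reply: trust nothing in it */
};

/* Order matters: a set "bogus" bit wins over "secure", so a reply that
 * somehow carries both is treated as a validation failure, never as
 * usable TLSA data. */
enum tlsa_disposition tlsa_disposition(const struct tlsa_lookup *r)
{
    if (r->bogus)
        return TLSA_FAIL;
    if (!r->secure)
        return TLSA_NONE_INSECURE;  /* unauthenticated, with or without data */
    return r->havedata ? TLSA_USE : TLSA_NONE_SECURE;
}

int main(void)
{
    /* Constructed sample results covering each branch. */
    const struct tlsa_lookup cases[] = {
        { 1, 0, 1, NULL },                  /* expected: TLSA_USE */
        { 1, 1, 1, "signature expired" },   /* expected: TLSA_FAIL */
        { 0, 0, 1, NULL },                  /* expected: TLSA_NONE_INSECURE */
        { 1, 0, 0, NULL },                  /* expected: TLSA_NONE_SECURE */
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        enum tlsa_disposition d = tlsa_disposition(&cases[i]);
        printf("case %zu -> %d%s%s\n", i, (int)d,
               cases[i].why_bogus ? " why_bogus=" : "",
               cases[i].why_bogus ? cases[i].why_bogus : "");
    }
    return 0;
}
```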
_______________________________________________
dane mailing list
https://www.ietf.org/mailman/listinfo/dane