On Fri, May 31, 2013 at 12:46:52AM +0200, Guido Witmond wrote:
> >Perhaps someone else can take a stab at it. My impression is that
> >a non-trivial fraction of the early implementations are substantively
> >flawed. Caveat emptor.
> >
>
> I've updated the Extended DNSSEC Validator up to 0.8 in the past and
> got its maintainer Danny to incorporate my changes. It has all the
> flaws mentioned before but I consider it a good start.
> And no, not ready for production, yet.
More than "not ready for production" it is deeply flawed. It fails
to check that the certificates in the "chain" are actually linked
to each other with each issuer at depth n+1 verified as the signer
of an unexpired subject certificate at depth n. It also does not
check basic constraints or key usage bits. It is trivial to concoct
bogus chains that pass validation via this extension.
Testing that it validates correct chains is the easy part; it MUST
fail to validate invalid chains, and here it bombs spectacularly.
Programmers inexperienced in writing security code (thinking like
an attacker and handling not only the expected but also malicious
input) should not attempt DANE implementations.
Users should steer clear of amateur DANE implementations.
--
Viktor.
dane mailing list
https://www.ietf.org/mailman/listinfo/dane
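The linkage checks the post says the extension skips (each issuer at depth n+1 verified as the signer of an unexpired subject at depth n, plus basic constraints and key usage bits), as an added Go example that is not part of the original thread nor of the Extended DNSSEC Validator. It uses only the standard library's crypto/x509 and constructs its own throwaway certificates; ValidateChain, makeCert, BuildDemoChains and names such as "Demo Root" or "example.test" are assumptions made for the example.

```go
package main
import ("crypto/ed25519"; "crypto/rand"; "crypto/x509"; "crypto/x509/pkix"; "fmt"; "math/big"; "time")

// ValidateChain performs the linkage checks the post lists: the certificate at depth n must be
// unexpired and signed by the one at depth n+1, and every issuer must be a CA allowed to sign certs.
func ValidateChain(chain []*x509.Certificate, now time.Time) error {
	for n, cert := range chain {
		if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
			return fmt.Errorf("depth %d: outside validity period", n)
		}
		if n+1 == len(chain) {
			return nil // reached the trust anchor with every link below it verified
		}
		issuer := chain[n+1]
		// Basic constraints and key usage bits: must be a CA, and a present keyUsage must include keyCertSign.
		if !issuer.BasicConstraintsValid || !issuer.IsCA || (issuer.KeyUsage != 0 && issuer.KeyUsage&x509.KeyUsageCertSign == 0) {
			return fmt.Errorf("depth %d: issuer lacks CA basic constraint or keyCertSign usage", n+1)
		}
		if err := cert.CheckSignatureFrom(issuer); err != nil { // depth n's signature must verify under depth n+1's key
			return fmt.Errorf("depth %d: not signed by depth %d: %w", n, n+1, err)
		}
	}
	return fmt.Errorf("empty chain")
}

// makeCert issues a certificate for a fresh Ed25519 key, signed by parent (self-signed when parent is nil).
func makeCert(cn string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour), BasicConstraintsValid: true, IsCA: isCA}
	if parent == nil {
		parent, parentKey = tmpl, priv
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	cert, _ := x509.ParseCertificate(der) // errors ignored: every input is constructed above
	return cert, priv
}

// BuildDemoChains returns constructed test data: a valid chain, the same leaf presented with an
// unrelated CA as its "issuer", and a leaf signed by an end-entity certificate that is not a CA.
func BuildDemoChains() (good, wrongIssuer, nonCAIssuer []*x509.Certificate) {
	root, rootKey := makeCert("Demo Root", true, nil, nil)
	inter, interKey := makeCert("Demo Intermediate", true, root, rootKey)
	leaf, _ := makeCert("example.test", false, inter, interKey)
	otherRoot, _ := makeCert("Unrelated Root", true, nil, nil)
	endEntity, eeKey := makeCert("Not a CA", false, root, rootKey)
	badLeaf, _ := makeCert("bogus.test", false, endEntity, eeKey)
	return []*x509.Certificate{leaf, inter, root}, []*x509.Certificate{leaf, otherRoot}, []*x509.Certificate{badLeaf, endEntity, root}
}

func main() { g, w, n := BuildDemoChains(); fmt.Println(ValidateChain(g, time.Now()), ValidateChain(w, time.Now()), ValidateChain(n, time.Now())) }
```

ValidateChain accepts only the first chain; the other two fail on the signature link and on the CA constraint respectively, and the valid chain is also rejected once the clock passes its NotAfter.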