On Fri, May 30, 2014 at 03:02:22PM -0400, James Cloos wrote:

> A 3 0 0 tlsa will work as well as a 3 1 x.  The client can pull the spki
> out on its own.

Not true.  When the server presents only the SPKI (no certificate
wrapped around it), the client cannot magically reconstruct the
enclosing certificate.

> It is not that *all* tlsas need to be limited just because the server
> supports the oob methods.  Rather, *at least one* of the published tlsas
> must be usable (3-0-0 or 3-1-x and secure in this case) and match.

Not true.  If the server's "3 1 x" RRs reflect only keys that were
active in the past, or only keys that will be active in the future,
while the currently active certificate key matches other TLSA RRs
((usage, selector) != (DANE-EE(3), SPKI(1))), then the client loses
if it negotiates "oob public key" and the server only presents a leaf
SPKI instead of a leaf cert.

I wish folks would take a moment to think this through; it is not
that hard.  If you still don't see it, you've not thought about it
hard enough yet.

-- 
        Viktor.
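As an added illustration of the failure mode described above (example code written for this page, not code from the thread or from any DANE implementation), the Python below models a client checking a TLSA RRset against what the server actually sent. The "certificate" encoding, the key names and the RRset are constructed assumptions; the point they demonstrate is that an SPKI can be cut out of a certificate but a certificate cannot be rebuilt from an SPKI, so when raw public keys are negotiated only DANE-EE(3) SPKI(1) records can ever match, and if those cover only past or future keys the handshake fails even though a 3 0 x record for the live certificate exists.

```python
"""Toy DANE-EE matching showing the raw-public-key (out-of-band SPKI) pitfall."""
import hashlib
from dataclasses import dataclass
from typing import List

# TLSA field values from RFC 6698 used below.
DANE_EE = 3                                # certificate usage: domain-issued cert/key
SEL_CERT, SEL_SPKI = 0, 1                  # selector: full certificate or SubjectPublicKeyInfo
MT_FULL, MT_SHA256, MT_SHA512 = 0, 1, 2    # matching type


@dataclass(frozen=True)
class TLSA:
    usage: int
    selector: int
    mtype: int
    data: bytes   # association data: the object itself or its digest

    def presentation(self) -> str:
        return f"{self.usage} {self.selector} {self.mtype} {self.data.hex()}"


def make_cert(subject: bytes, spki: bytes) -> bytes:
    """Synthetic 'certificate' (constructed, not DER): other fields wrapped around an SPKI."""
    return b"CERT(" + subject + b";validity;" + spki + b")"


def spki_of_cert(cert: bytes) -> bytes:
    """The SPKI can be extracted from a certificate; the reverse is impossible."""
    return cert.split(b";validity;", 1)[1][:-1]


def tlsa_data(obj: bytes, mtype: int) -> bytes:
    """Association data for OBJ under the given matching type."""
    if mtype == MT_FULL:
        return obj
    if mtype == MT_SHA256:
        return hashlib.sha256(obj).digest()
    if mtype == MT_SHA512:
        return hashlib.sha512(obj).digest()
    raise ValueError(f"unsupported matching type {mtype}")


def tlsa_rr(usage: int, selector: int, mtype: int, cert: bytes) -> TLSA:
    """Build the record an operator would publish for CERT (SPKI taken from it for selector 1)."""
    obj = cert if selector == SEL_CERT else spki_of_cert(cert)
    return TLSA(usage, selector, mtype, tlsa_data(obj, mtype))


def record_matches(rr: TLSA, kind: str, presented: bytes) -> bool:
    """Can RR be checked against what the server sent?  KIND is 'cert' or 'spki'."""
    if rr.usage != DANE_EE:
        # PKIX-TA(0), PKIX-EE(1) and DANE-TA(2) need a certificate chain;
        # a bare SPKI cannot satisfy them (chain validation is out of scope here).
        return False
    if rr.selector == SEL_CERT:
        if kind != "cert":
            return False         # a raw SPKI gives no way to rebuild the certificate
        target = presented
    else:
        target = spki_of_cert(presented) if kind == "cert" else presented
    return tlsa_data(target, rr.mtype) == rr.data


def matching_records(rrset: List[TLSA], kind: str, presented: bytes) -> List[TLSA]:
    """All RRs in the TLSA RRset that match the presented certificate or SPKI."""
    return [rr for rr in rrset if record_matches(rr, kind, presented)]


def scenario() -> dict:
    """Key rollover as in the thread: the 3 1 x RRs cover only the past and
    future keys, while the current key is published only as a 3 0 1 RR."""
    old_cert = make_cert(b"CN=mail.example", b"SPKI-OLD")   # constructed sample values
    cur_cert = make_cert(b"CN=mail.example", b"SPKI-CUR")
    new_cert = make_cert(b"CN=mail.example", b"SPKI-NEW")
    rrset = [
        tlsa_rr(DANE_EE, SEL_SPKI, MT_SHA256, old_cert),   # 3 1 1, key no longer in use
        tlsa_rr(DANE_EE, SEL_SPKI, MT_SHA256, new_cert),   # 3 1 1, key not yet in use
        tlsa_rr(DANE_EE, SEL_CERT, MT_SHA256, cur_cert),   # 3 0 1, the live certificate
    ]
    cur_spki = spki_of_cert(cur_cert)
    return {
        "rrset": [rr.presentation() for rr in rrset],
        # X.509 negotiated: the full certificate arrives and the 3 0 1 RR matches.
        "x509_ok": bool(matching_records(rrset, "cert", cur_cert)),
        # Raw public key negotiated: only the SPKI arrives and nothing matches.
        "raw_spki_ok": bool(matching_records(rrset, "spki", cur_spki)),
        # What the thread implies is needed: a 3 1 x RR for the *current* key as well.
        "raw_spki_ok_with_311": bool(matching_records(
            rrset + [tlsa_rr(DANE_EE, SEL_SPKI, MT_SHA256, cur_cert)], "spki", cur_spki)),
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(name, value)
```

Running the script prints the three RRs in presentation format and then `x509_ok True`, `raw_spki_ok False`, `raw_spki_ok_with_311 True`: the same RRset authenticates the same live key under X.509 and fails under raw public keys, which is the asymmetry the reply is pointing at.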

_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
