Richard, ekr and I have submitted a draft describing UKS attacks on certain DANE usages:
https://datatracker.ietf.org/doc/draft-barnes-dane-uks/

The draft contains the details, but the short version is that usages 2 and 3 are potentially vulnerable to an unknown key share attack if the client fails to verify the identity of the server. Since Section 5.1 of RFC 7671 explicitly states that clients should NOT verify the identity of the server in these cases. The draft describes how this attack can be used to circumvent cross-origin safeguards on the web. It also explains how to properly avoid the attack.

As I understand it, email is believed to be unaffected since the mail security model explicitly permits UKS attacks (MX).

Thanks to Karthik Bhargavan for pointing out this problem and for helping to analyze it.

--Martin