Martin Thomson wrote: > Richard, ekr and I have submitted a draft describing UKS attacks on > certain DANE usages: > > https://datatracker.ietf.org/doc/draft-barnes-dane-uks/ > > The draft contains the details, but the short version is that usages 2 > and 3 are potentially vulnerable to an unknown key share attack if the > client fails to verify the identity of the server. Since Section 5.1 > of RFC RFC 7671 explicitly states that client's should NOT verify the > identity of the server in these cases.
The description of the problem sounds vaguely familiar. https://www.ietf.org/mail-archive/web/dane/current/msg03737.html -Martin _______________________________________________ dane mailing list [email protected] https://www.ietf.org/mailman/listinfo/dane
