On Thu, Apr 05, 2018 at 06:33:10AM -0700, Eric Rescorla wrote:
> On Thu, Apr 5, 2018 at 2:02 AM, Paul Wouters <p...@nohats.ca> wrote:
> > On Wed, 4 Apr 2018, Eric Rescorla wrote:
> >> HPKP had a TTL and yet as a practical matter, people found it very
> >> problematic.
> >> And, of course, if you're concerned with hijacking attacks, the
> >> hijacker will just advertise a very long TTL.
> >
> > By publishing DANE records with either a TLSA record or a denial of
> > existence proof, you can override any long-term TTL.
> >
> > If an attacker puts in a 1 year PIN/TTL, any TLS-dnssec extension
> > containing a valid NSEC proof of non-existence overrides the
> > previous TTL/PIN.
> 
> Thanks. This is a good point that I agree does not apply to HPKP.
> 
> However, that doesn't mean that hijacking isn't a problem (though I
> agree a less serious one). If I have no provisions for DNSSEC at all
> and the attacker does pin hijacking I could be offline for hours to
> days while I figure out how to get and serve them.

I've been calling this pin-to-DANE because it's short, but, really, it's
pin-to-using-this-extension.

You can use this extension even if your domain is not signed because the
proof that it isn't signed would be delivered in this extension.

I believe the only way pinning to this extension can cause the hijacking
you propose is if the root zone stops being signed as then there would
be no way to prove that you're no longer using DANE :)

Nico
-- 

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
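The pin-override rule argued in the thread above (a pin to "must present this extension" with a long TTL is released the moment a validated denial-of-existence proof arrives), as an added example that is not part of the thread or of any TLS implementation. The names `ChainResult`, `PinStore`, `evaluate` and `MAX_PIN_TTL` are hypothetical; DNSSEC validation of the chain carried in the extension is assumed to be done elsewhere and is represented only by the `chain_valid` flag, and matching TLSA records against the server certificate is out of scope. The client-side cap on the advertised TTL is a design choice of this example, added because a hijacker can advertise an arbitrarily long pin lifetime.

```python
"""Client-side model of pinning to the TLS DNSSEC-chain extension.

Added example; hypothetical names, not code from the thread or any TLS stack.
Chain validation is stubbed (ChainResult.chain_valid) and TLSA/certificate
matching is omitted so the decision logic can be exercised on its own.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional

# Client-chosen upper bound on how long a server-advertised pin is honoured
# (30 days is a constructed value, not a standard one).
MAX_PIN_TTL = 30 * 24 * 3600


@dataclass
class ChainResult:
    """Outcome of validating the DNSSEC chain delivered in the extension."""
    chain_valid: bool                   # chain validated back to the trust anchor
    tlsa_present: bool = False          # chain ends in a usable TLSA RRset
    authenticated_denial: bool = False  # chain ends in NSEC/NSEC3 proof that
                                        # the zone is unsigned or has no TLSA
    pin_ttl: int = 0                    # server-advertised pin lifetime (s)


@dataclass
class PinStore:
    """host -> pin expiry (epoch seconds); a pin means 'extension required'."""
    pins: Dict[str, float] = field(default_factory=dict)

    def active(self, host: str, now: float) -> bool:
        expiry = self.pins.get(host)
        return expiry is not None and expiry > now


def evaluate(host: str, ext: Optional[ChainResult], now: float,
             store: PinStore) -> str:
    """Decide how to treat a handshake and update the pin store.

    Returns one of ACCEPT_DANE, ACCEPT_PKIX_ONLY, REJECT_PIN_VIOLATION,
    REJECT_MALFORMED.
    """
    if ext is None or not ext.chain_valid:
        # Missing or bogus extension: acceptable only if no pin is in force.
        if store.active(host, now):
            return "REJECT_PIN_VIOLATION"
        return "ACCEPT_PKIX_ONLY"

    if ext.authenticated_denial:
        # A validated proof that DANE is not in use releases the pin
        # immediately, however much of its TTL is left.
        store.pins.pop(host, None)
        return "ACCEPT_PKIX_ONLY"

    if ext.tlsa_present:
        # Honour the advertised TTL only up to the client's own cap;
        # a TTL of zero withdraws the pin.
        ttl = min(ext.pin_ttl, MAX_PIN_TTL)
        if ttl > 0:
            store.pins[host] = now + ttl
        else:
            store.pins.pop(host, None)
        return "ACCEPT_DANE"

    # Valid chain that proves neither presence nor absence: malformed.
    return "REJECT_MALFORMED"


def hijack_recovery_scenario() -> list:
    """Constructed walk-through of the thread's scenario; returns verdicts."""
    store = PinStore()
    now = 1_000_000.0
    out = []
    # Hijacker pins with a one-year TTL (capped by the client).
    out.append(evaluate("example.test", ChainResult(True, tlsa_present=True,
                        pin_ttl=365 * 24 * 3600), now, store))
    # Without the extension the host is refused while the pin is active.
    out.append(evaluate("example.test", None, now + 3600, store))
    # Owner regains the name and serves a denial-of-existence proof.
    out.append(evaluate("example.test",
                        ChainResult(True, authenticated_denial=True),
                        now + 7200, store))
    # The pin is gone, so a plain PKIX handshake is accepted again.
    out.append(evaluate("example.test", None, now + 7300, store))
    return out


if __name__ == "__main__":
    for verdict in hijack_recovery_scenario():
        print(verdict)
```

The walk-through mirrors the exchange: a long pin set under a hijacked name does not lock the owner out, because any subsequently validated NSEC/NSEC3 proof clears it; only the absence of a validated chain while a pin is live is refused. Expiry of a pin that is never refreshed falls out of `PinStore.active` alone.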
