Re: wget2 | New option --dane (!522)

[Viktor Dukhovni (@dviktor)]

Viktor Dukhovni commented on a discussion: 
https://gitlab.com/gnuwget/wget2/-/merge_requests/522#note_1365441531

> I'm no expert on DNS, I confess I learned about it only two weeks ago, but I 
> thought DNSSEC wasn't vulnerable to downgrade attacks owing to the way it 
> works?

I am an expert in DNS, and while DNSSEC is not vulnerable to downgrades to 
**insecure** responses, it is (as all distributed systems) vulnerable to denial 
of service.  If a DNS timeout, or other transient lookup failure (including a 
"BOGUS" DNSSEC denial of existence) is tolerated and treated as absence of TLSA 
records, then discovery of TLSA records is subject to downgrade for an 
application that does not **mandate** TLSA record presence.

So the key question here is whether `--dane` **requires** TLSA records, or 
merely *probes* for TLSA records, using them only *when found*, and what 
happens when discovery of TLSA records runs into a transient failure (not 
NODATA or NXDOMAIN, for which DNSSEC does provide denial of existence 
authentication).

And, secondly, does "--dane" as only a fallback from WebPKI make a compelling 
feature?  The resulting protocol is as secure WebPKI or DANE, whichever is 
weakest (compromising *either* for a given domain lets the attacker impersonate 
the peer).

So the feature as implemented rather differs from what one would expect from 
RFC6698, RFC7671, RFC7435, ... What is the actual design goal here?  Is it 
truly to fall back to DANE when WebPKI fails (WebPKI or DANE whichever is 
weaker)?

-- 
Reply to this email directly or view it on GitLab: 
https://gitlab.com/gnuwget/wget2/-/merge_requests/522#note_1365441531
You're receiving this email because of your account on gitlab.com.