On Tue, Jun 02, 2015 at 03:55:07PM +0200, Olaf Schreck wrote:
> Slightly OT: These slides
>
> > https://ripe68.ripe.net/presentations/253-DANEs_don%27t_lie-20140512.pdf
>
> state on page 26: "DANE TLSA Benefits: prevents STARTTLS "downgrade" attacks"
>
> I'm probably missing something. How does publication of a TLSA record
> prevent STARTTLS downgrade attacks?
It turns downgrade attacks into denial of service. DANE-enabled
clients do not deliver mail in cleartext to servers with published
TLSA RRs. Various other MiTM attacks are also transformed into
DoS. A network-attacker can always inject TCP resets or block
packet flow, so this is not really a new DoS vector.
A more important DoS to worry about is poorly managed servers
that publish wrong or stale TLSA RRs.
DO NOT publish stale TLSA records!!!
If you're can't reliably remember to update TLSA records before
updating certificates, do yourself and everyone else a favour and
DO NOT implement DANE. If you can operate your system with care,
make sure to follow:
https://tools.ietf.org/html/draft-ietf-dane-ops-12#section-8
--
Viktor.
