On Thu, Apr 05, 2018 at 03:04:03AM +0000, Richard Barnes wrote: > And just to be clear, by "downgrade attack", you mean "normal PKI > authentication that we rely on today". There's nothing in here that
It's NOT that using WebOKI is a downgrade. It's that if an operator wants to use DANE (with any usage), then they want to use DANE. If an impersonator can make that not happen, it's a downgrade from the operator's perspective (because they then don't get what they wanted). > degrades security (except maybe the legacy crypto in the DNS); it's > just not meeting the bar that you are setting. That doesn't mean > there's not still some utility to be had. Nonsense. The operator wants DANE? They should be able to get it. If an active attacker can make that not happen at will, then that is and can only be called a downgrade attack. Waving your hands doesn't make this go away. The WebPKI's security is irrelevant to this discussion. Only the server operator's desired outcome is relevant. If they can't get it, then this protocol is not useful to them. And this protocol is all about using DANE in TLS applications!!! Nico -- _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
