On Thu, Apr 5, 2018 at 2:02 AM, Paul Wouters <p...@nohats.ca> wrote:

> On Wed, 4 Apr 2018, Eric Rescorla wrote:
>
>> HPKP had a TTL and yet as a practical matter, people found it very
>> problematic. And, of course, if you're concerned with hijacking attacks,
>> the hijacker will just advertise a very long TTL.
>
> By publishing DANE records with either a TLSA record or a denial of
> existence proof, you can override any long-term TTL.
>
> If an attacker puts in a 1 year PIN/TTL, any TLS-dnssec extension
> containing a valid NSEC proof of non-existence overrides the previous
> TTL/PIN.
Thanks. This is a good point that I agree does not apply to HPKP. However,
that doesn't mean that hijacking isn't a problem (though I agree a less
serious one). If I have no provisions for DNSSEC at all and the attacker
does pin hijacking I could be offline for hours to days while I figure out
how to get and serve them.

-Ekr

> In fact, this is one of the reasons the WG should decide to fix the
> current draft to include proofs of denial of existence.
>
> Paul
_______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
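The pin-override rule Paul describes and the outage Ekr worries about can be modelled as a small client-side state machine. The following is an added illustration, not code from the draft or from either author; `DnssecChain`, `PinStore`, the `pin_ttl` field and the result strings are all modelling assumptions, and full RRSIG/DNSKEY/DS chain validation is abstracted to a `validated` flag.

```python
"""Model of DANE pin handling discussed in the thread (illustrative only).

A client remembers "this name uses DANE" for a server-supplied TTL (the pin).
A hijacker who briefly controls the zone can set a 1 year pin.  The override
rule: any *validated* dnssec_chain that carries either a TLSA RRset or an
NSEC/NSEC3 proof that no TLSA RRset exists replaces or clears the pin, no
matter how much of the old TTL remains.  An unvalidated chain must not touch it.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Sequence, Tuple


@dataclass(frozen=True)
class TlsaRecord:
    usage: int
    selector: int
    matching_type: int
    cert_data: bytes


@dataclass
class DnssecChain:
    """What a client would extract from a dnssec_chain extension (assumed shape)."""
    name: str
    validated: bool                  # stands in for full DNSSEC chain validation
    tlsa: Sequence[TlsaRecord] = ()  # TLSA RRset for _port._proto.name, if any
    denial_of_existence: bool = False  # NSEC/NSEC3 proof that no TLSA RRset exists
    pin_ttl: int = 0                 # seconds the server asks us to keep the pin


class PinStore:
    def __init__(self) -> None:
        self._pins: Dict[str, int] = {}  # name -> absolute expiry (unix seconds)

    def active_pin(self, name: str, now: int) -> bool:
        exp = self._pins.get(name)
        return exp is not None and exp > now

    def process_handshake(self, name: str, now: int,
                          chain: Optional[DnssecChain]) -> str:
        if chain is None:
            # No extension: a live pin means the server must present DANE data.
            if self.active_pin(name, now):
                return "abort_pin_requires_chain"
            return "proceed_no_dane"
        if chain.name != name or not chain.validated:
            # Bogus or mismatched chain: reject it and leave the pin untouched,
            # otherwise a forged NSEC would be a trivial pin-removal attack.
            return "abort_bogus_chain"
        if chain.denial_of_existence:
            # Validated proof that the zone has no TLSA: overrides any remaining
            # pin lifetime, including one the hijacker chose.
            self._pins.pop(name, None)
            return "proceed_pin_cleared"
        if chain.tlsa:
            # Caller still matches the server certificate against the TLSA
            # records; here we only refresh (or drop) the pin.
            if chain.pin_ttl > 0:
                self._pins[name] = now + chain.pin_ttl
            else:
                self._pins.pop(name, None)
            return "dane_validate_cert"
        return "abort_bogus_chain"  # validated but carries neither TLSA nor denial


def hijack_scenario() -> Tuple[str, str, str, str, str]:
    """Constructed timeline: hijack, outage, forged denial, real denial, recovery."""
    ONE_YEAR = 365 * 24 * 3600
    name = "example.com"
    store = PinStore()
    attacker_tlsa = TlsaRecord(3, 1, 1, b"\x00" * 32)  # constructed record

    # t=0: attacker controls the zone, pins a 1 year TTL with a valid chain.
    r1 = store.process_handshake(name, 0, DnssecChain(
        name, validated=True, tlsa=(attacker_tlsa,), pin_ttl=ONE_YEAR))
    # t=1d: owner has regained control but serves no DNSSEC data yet -> offline.
    r2 = store.process_handshake(name, 86400, None)
    # A forged (unvalidated) denial of existence does not clear the pin.
    r3 = store.process_handshake(name, 86400, DnssecChain(
        name, validated=False, denial_of_existence=True))
    # A validated NSEC proof of non-existence clears it despite ~364 days left.
    r4 = store.process_handshake(name, 86400, DnssecChain(
        name, validated=True, denial_of_existence=True))
    # t=2d: plain TLS without the extension is accepted again.
    r5 = store.process_handshake(name, 2 * 86400, None)
    return (r1, r2, r3, r4, r5)


if __name__ == "__main__":
    for step in hijack_scenario():
        print(step)
```

The second step is the window Ekr describes: until the owner can serve either a TLSA RRset or a signed denial, every pinned client aborts. The third step is the check a practitioner should not forget: the override must require a validated chain, or the NSEC path becomes an easy way to strip pins.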