[gnutls-devel] DANE validation
tg at tgbit.net
Sun Feb 17 22:20:50 CET 2013
>>>>> On Sun, 17 Feb 2013 20:32:51 +0100, Nikos Mavrogiannopoulos <nmav at gnutls.org> said:
> On Sun, Feb 17, 2013 at 5:09 PM, Gabor Toth <tg at tgbit.net> wrote:
>> - in case of usage 0 & 2, only the direct issuer is checked instead of the
>> whole chain
> That's also intentional. What scenario do you have in mind that is not
> covered by the current case?
The RFC does not limit it to the immediate issuer, for instance a TLSA record
could contain a root CA certificate instead of an immediate issuer, which is not
checked by the current implementation.
>> As described in the RFC, PKIX path validation should be performed either using the
>> trust anchor specified in the TLSA record (usage 2), or using the system trust
>> anchors (usage 0 & 1)
> In gnutls DANE validation is independent to other certificate
> validation methods. One can do PKIX validation, DANE (as DNS-based),
> TOFU (trust on first use) or any combination of them.
In this case the documentation should explicitly mention that PKIX path
validation is not performed and should be done separately to avoid confusion.
> One could of course strictly follow the DANE RFC validation methods if
> he needs to.
The current API does not make it easy to do that. In case of usage 2, the trust
anchor specified in the TLSA record should be used for PKIX path validation. In
this case dane_verify_crt() could return the index of the certificate in the
chain that matched as trust anchor, so that PKIX path validation could be
performed up to that certificate in the chain, possibly using
gnutls_x509_crt_verify() with the returned trust anchor as the CA_list argument.
More information about the Gnutls-devel