Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-ddr-01.txt
Ben Schwartz <bemasc@google.com> Wed, 16 June 2021 16:36 UTC
Return-Path: <bemasc@google.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 849053A1E99 for <add@ietfa.amsl.com>; Wed, 16 Jun 2021 09:36:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LxzuZNMhhH2i for <add@ietfa.amsl.com>; Wed, 16 Jun 2021 09:35:57 -0700 (PDT)
Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1027A3A1E9A for <add@ietf.org>; Wed, 16 Jun 2021 09:35:56 -0700 (PDT)
Received: by mail-wm1-x32d.google.com with SMTP id h21-20020a1ccc150000b02901d4d33c5ca0so29906wmb.3 for <add@ietf.org>; Wed, 16 Jun 2021 09:35:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=bayT+DOK3bGyJhnCaplLWadXJkCuAp9gWQ9B6UX6G5Y=; b=oTAVBI9OP7sDrP/h5W/49sHPbV7wmJzp7v2/AQnsUyyOP1JYOgSUaIbV4uWiMEMhdx +rT3WXVB48DRRjSOxA8IDNJW2dFFezqL0S6Ckp9Z4w4DawsklGJ7rC8qkAogzVMj302S zdLVqBn/zjd1ATD9N/jraiUCbKsTseFSToLUSsqPmVrMocxYDRmO9RoWrgc8N/prvZT2 K7y+PRSM0U6470HJ/ONUG5VhQ3en/IbGn6hDw/yMbNOwZQDUnxvUawPSW4KDlNCJpz0r 9GBFIGTfja8dsuwPHv3ipMt83LfuRu446HYmPo7O+/pswD3llh6OXv+/vn2566i5nHwg 9Csw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=bayT+DOK3bGyJhnCaplLWadXJkCuAp9gWQ9B6UX6G5Y=; b=ntV3wb8CGkW+LkwR+dASqUt7fFfiNtGvhzSUnCJFEAxu9ps9Fc17WCmsHz1rstcxem c2NvC3lUzSY4bYgc3M/vh4ItMN43xbXbjYUr1LukroWguGIkqaHjW7tCGgWhlRFHFsH/ XMgLBZ9C8+apMH9LwZFl0qNyvIRPpmVNs2QDZn3dz/W8RBTvswSjUS8o2jz4uXQVbdgo /PueSiAz/NlKQWcL1WryF/UqT7lsD3yJD71SmU6oZRGL3mk0MsetRDMPplUzC1ZRD3t0 m+9y5KrqcXFU+zoBjoo8pP8LPdTodvEfF8X+9hgdi98egYDt70aAwn654gCuBdWjc9rq dh/w==
X-Gm-Message-State: AOAM532deBx5CV9uwkCLPMWDHvHVYMn6w6B4pNujbSqUsk1fMCmontbK qGPw77PYx7ApUpnyQ06ZcLkM56+6ZaXGRDah4Pgedw==
X-Google-Smtp-Source: ABdhPJyQYWRrOPJgwZJ+gJd29zEl3BM90JW8oGOqaUw9MUqI9fIbSd2hbyShTEQ9fNF5jT3LdKD/o3oxklNZ1izEV2Q=
X-Received: by 2002:a1c:1d05:: with SMTP id d5mr858090wmd.132.1623861349881; Wed, 16 Jun 2021 09:35:49 -0700 (PDT)
MIME-Version: 1.0
References: <162371155812.25682.11014036541727314816@ietfa.amsl.com> <MW2PR00MB034747898A4CA25E614E3222FA319@MW2PR00MB0347.namprd00.prod.outlook.com> <CACJ6M15YaZBhJA8NHmau-K22wbS4QCFuQZx04daTMsNrCQ0rdQ@mail.gmail.com> <CAHbrMsCiCRpRhxhcp7Nryz05JgXr2+j5eAr6HOumPD0=sCHwvw@mail.gmail.com> <SN6PR00MB03517A0AB3B60916F6D8E556FA0F9@SN6PR00MB0351.namprd00.prod.outlook.com>
In-Reply-To: <SN6PR00MB03517A0AB3B60916F6D8E556FA0F9@SN6PR00MB0351.namprd00.prod.outlook.com>
From: Ben Schwartz <bemasc@google.com>
Date: Wed, 16 Jun 2021 12:35:38 -0400
Message-ID: <CAHbrMsB4XBgN1H+MSU7YUkx3bXDke7xT_YZGWY=JpJ8LsQDU3g@mail.gmail.com>
To: Tommy Jensen <Jensen.Thomas=40microsoft.com@dmarc.ietf.org>
Cc: "chris.box.ietf@gmail.com" <chris.box.ietf@gmail.com>, "add@ietf.org" <add@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000f418c605c4e4ae34"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/Ey2ma6AdoFW0S8j2cfEHCkoZyZ8>
Subject: Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-ddr-01.txt
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Jun 2021 16:36:02 -0000
On Wed, Jun 16, 2021 at 11:47 AM Tommy Jensen <Jensen.Thomas= 40microsoft.com@dmarc.ietf.org> wrote: ... > Hey Ben, > > > > I appreciate your efforts in keeping up with the base draft, but I think > your proposal is best served by a separate document. > Perhaps. I think we need more WG input on which use cases are most relevant. The expanded scope it introduces significantly lowers the security posture > of DDR overall, which you indirectly acknowledge in the text: > > > > “If the client does not have a Validation Identity, or the Validation > Identity > > was discovered insecurely (e.g. via CNAME), the client SHOULD limit the > > validity duration of the discovered information (e.g. the SVCB response > > TTL) to no more than 5 minutes. The client MAY make use of this encrypted > > connection, but SHOULD NOT assume that the connection is more secure > > than an unencrypted connection.” > > > > I do not think we should be trying to add this to a standard that > otherwise provides connections of improved security. While DDR can be > blocked by an on-path attacker, a successful upgrade can be trusted to be > an entity designated by the original resolver owner. > I don't agree with this assessment. When the unencrypted resolver is identified by a private IP, both versions are susceptible to capture and forgery by an on-path attacker. When it has a public IP or name, neither version is. > This PR introduces a mechanism where that is not true. > The difference is much subtler. In draft-01, private IP upgrade is vulnerable to capture by any on-path attacker. In PR #11, private IP upgrade is additionally vulnerable for a short time window after an on-path attacker ceases to be on-path. This time can be driven to ~zero by revalidating the designation before each query, but I think revalidating every few minutes is likely to be sufficient in practice. If PR #11 enables significantly broader use of encrypted DNS, as seems likely, I think it would represent an improvement to overall security. Since clients will have different opinions on the need to support DDR as it > is currently defines versus this PR, we should provide them as separate > documents to avoid clients deploying only partial standard support (as it > seems likely many will choose to not support this option). > > Since the protocol elements are unchanged, one possibility would be to name client profiles with different acceptance criteria. >
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… Tommy Jensen
- [Add] I-D Action: draft-ietf-add-ddr-01.txt internet-drafts
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… sanjay.mishra
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… Tommy Jensen
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… sanjay.mishra
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… Chris Box
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… Ben Schwartz
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… Tommy Jensen
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… Ben Schwartz
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… Tommy Jensen
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… Ben Schwartz
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… Tommy Jensen
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… Ben Schwartz
- Re: [Add] [EXTERNAL] I-D Action: draft-ietf-add-d… tirumal reddy