IETF Logo Mail Archive

Re: [Add] The ADD WG has placed draft-reddy-add-delegated-credentials in state "Call For Adoption By WG Issued"

tirumal reddy <kondtir@gmail.com> Thu, 18 January 2024 06:53 UTC

Return-Path: <kondtir@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B123EC14F73E; Wed, 17 Jan 2024 22:53:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.104
X-Spam-Level:
X-Spam-Status: No, score=-7.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wKLKT9XIPOoz; Wed, 17 Jan 2024 22:53:54 -0800 (PST)
Received: from mail-ej1-x62e.google.com (mail-ej1-x62e.google.com [IPv6:2a00:1450:4864:20::62e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F218C14F690; Wed, 17 Jan 2024 22:53:54 -0800 (PST)
Received: by mail-ej1-x62e.google.com with SMTP id a640c23a62f3a-a2bea904e72so210557266b.0; Wed, 17 Jan 2024 22:53:54 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1705560832; x=1706165632; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=8/oZFQS7MX1cNHNv1Ru+GCifomzUxz7zBIn1FsMTGuU=; b=a6RlOhsVJewhYBT3D5o7F2kpcnZMgH2NjFaBlZHL5Ru5legoyntiMYsH0DMY/sFaem B5yCfXmZ9dneEk8prOecOYX7xO3OHCcVQ1v7hjiEr466rG2dimQxTkxMxfS7IAzis93C CrPQQGzCJkjZu4FM4MZQO8Lpw4iBZu52HjTBSV2Lw7QMPmXqsK6G/pg5hMkI8jlq+NZ8 gVkLElJ4gj+uYRNlaWQlzIpqzFnoA5iTp6Xtc/bw/772Tg99Cvd1FJflYwSUAQy6fl2Z Anf3byee4/7gV6zjhzymkiad32yWW9ZKltI4LLyvC0khLa8et6LaLGmBw8Iqw6YvnYES r8pg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705560832; x=1706165632; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=8/oZFQS7MX1cNHNv1Ru+GCifomzUxz7zBIn1FsMTGuU=; b=nVrvlmbDRM5GyoZfR9oGAkZ6G0pX7nMrU+/I/HEUIo0W3DyM/AOwabGPk9q4m7TRwZ nF9Z2jR4rRCCofJJ888W7bcLxNjPVv1j4JurINbe0L2RsjBwSJ0nRP9lsTFtCeBbSC2a likv81qsFG00/7jOViZvVPNSrY7kLiS2k8eNV5QLFYHFsVOWBsdEJ1GeA20a3tNTggIO RcH6ao/wJnZTQp1qvDXgM9pS0x84qAtnHV/dTsMeBN2T358yqAkWV7IlDIvmwCWxO2Q6 +ZFzld/6zj2+6BWLrmOYW01KkAeigjA+gNb8UUM1TsTImCfaFIH6ebZToShPYgJm6rMF 6Kpg==
X-Gm-Message-State: AOJu0YzpXryP1R5aY2ZyOps9zZBGH/SYQK4tQTYnP4vufZ96kTOAEil1 P/zV1qqYjxTu/Hca3WQB9WLL/2YsRrZ95eV3zg8W6kip9Vv0Pi2L4mq3cTFHF3Mfc0KVSKO0ZpT z+VK4NvBdPicxUSLSBiTV65EI1Ar7hFyRufs=
X-Google-Smtp-Source: AGHT+IFv0GwTTvEgbIEUFcS1o+h3luIu5IoWsZKYDLdTn+0J/ltkeTc3BncmyAveMswfUeHpNyevBBQdkuWLwy9DGdQ=
X-Received: by 2002:a17:906:1694:b0:a2e:9531:94e with SMTP id s20-20020a170906169400b00a2e9531094emr393288ejd.3.1705560831992; Wed, 17 Jan 2024 22:53:51 -0800 (PST)
MIME-Version: 1.0
References: <170209137178.9672.6804848432978591716@ietfa.amsl.com> <3b9fa8a5-02e7-408a-8dae-799f2c4e3a8e@betaapp.fastmail.com> <CABcZeBN7whOrSw+Jn4wxtd35vqmq0O+CoejN+O49MX78X+qFsQ@mail.gmail.com> <CAFpG3geZbLC8swxK_4=GpGsQ-iMJmg=Hq8CqmNgubNbb3P2NEQ@mail.gmail.com> <CABcZeBNTQJCPHTdMxHmmz7MG=zhFY5vfRmpVhbTiKTpJeKAmcg@mail.gmail.com>
In-Reply-To: <CABcZeBNTQJCPHTdMxHmmz7MG=zhFY5vfRmpVhbTiKTpJeKAmcg@mail.gmail.com>
From: tirumal reddy <kondtir@gmail.com>
Date: Thu, 18 Jan 2024 12:23:14 +0530
Message-ID: <CAFpG3ge4ATrps2-V1mUuZHtwTrphR_yUVyT996eCFke+bwBDSw@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Martin Thomson <mt@lowentropy.net>, add@ietf.org, draft-reddy-add-delegated-credentials@ietf.org
Content-Type: multipart/alternative; boundary="00000000000088a81f060f32d305"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/OXUrmyXhI463wfYpUr0W89PuBQE>
Subject: Re: [Add] The ADD WG has placed draft-reddy-add-delegated-credentials in state "Call For Adoption By WG Issued"
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Jan 2024 06:53:55 -0000

On Tue, 16 Jan 2024 at 20:02, Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Tue, Jan 16, 2024 at 4:27 AM tirumal reddy <kondtir@gmail.com> wrote:
>
>> Hi Ekr,
>>
>> Please see inline
>>
>> On Thu, 28 Dec 2023 at 02:46, Eric Rescorla <ekr@rtfm.com> wrote:
>>
>>> Document: draft-reddy-add-delegated-credentials-03.txt
>>>
>>> I agree with Martin Thomson and others that we shouldn't adopt this
>>> document at this time. I have several concerns about this specific
>>> technical proposal.
>>>
>>> - I don't find the arguments about why this can't use ordinary WebPKI
>>>   certificates persuasive; it certainly seems that there are
>>>   challenges with issuing a lot of CPE certificates, but those seem
>>>   like they ought to be solvable.
>>>
>>
>> The issuance of a large number of certificates is one of the problems,
>> other challenges include the dependency on the CA to issue large number
>> certificates in a timely manner and to promptly replace expired
>> certificates. We considered other possible solutions, please see
>> https://datatracker.ietf.org/doc/html/draft-reddy-add-delegated-credentials-03#section-6
>> for details. Such a scale has not been discussed in any other use cases
>> like CDNs using STAR certificates.
>>
>> Yes, I read those sections of the draft, but as I said I didn't find
> those arguments persuasive and these issues seem like they ought to be
> solvable.
>

Please refer to
https://www.ietf.org/archive/id/draft-reddy-add-delegated-credentials-03.html#section-6
for details on the limitations of alternate solutions. We could not
identify any better options for hosting an encrypted DNS server on a large
number of managed CPEs. It would be helpful to explore any other
alternative solutions and discuss their pros/cons.


>
>
>
>>
>>> - As far as I can tell, the current design allows an attacker wh
>>>   compromises CPE unit 1 to impersonate CPE unit 2, because they have
>>>   DCs rooted in the same certificate.
>>>
>>
>> The attacker cannot impersonate CPE unit 2 without knowing the
>> credentials used by the endpoints for authenticating to the CPE unit 2.
>>
>
> In this situation, the attacker has already compromised the relevant
> network.
>

The PKI certificate is issued to a service in the infrastructure owned by
the entity managing the CPEs. The private key associated with the
PKI certificate is used to sign the delegated credentials on each CPE. I
don't get how compromising CPE unit 1 would leak the credentials used by
the endpoints for authenticating to the CPE unit 2.


>
>  Given that there are likely to
>>>   be a very large number of each unit, key extraction seems
>>>   inevitable. That seems like an undesirable set of security
>>>   properties even if the client gets its opinion about which reference
>>>   identity to expect from the CPE. It's a more serious problem if
>>>   either (1) the client gets its opinion in some other way or (2) the
>>>   client behaves differently if DNS is encrypted.
>>>
>>> Moreover, as Paul Wouters notes, it's not clear what the security
>>> benefit of this proposal is. If the local network is secure, then
>>> traffic to the CPE will be encrypted anyway, so it's not clear
>>> what transport encryption of DNS is doing for us. On the other
>>> hand, if the local network is insecure, then the attacker may
>>> be able to impersonate the CPE and we are back to the extraction
>>> case above.
>>>
>>
>> The necessity of running encrypted DNS forwarders on the CPE is discussed
>> in Section 1.2 of the draft. The DNS client is unaware of the security
>> protocols employed to encrypt data from the endpoint to the CPE, and it is
>> also uncertain whether the DNS server and CPE are co-located or not.
>>
>
>>
>>>
>>> More generally, the point of this design seems to be to preserve
>>> the ability to have the CPE as an active participant in DNS
>>> resolution, rather than just transiting the traffic. While
>>> I appreciate that the CPE is commonly used as a control point
>>> as described in S 1.1, this actually seems like not a great
>>> practice given the notorious insecurity of home routers; rather,
>>> it would be better to have name resolution encrypted directly
>>> to the ISP resolver itself (and even better if there were some
>>> way for the client to determine what that resolver's reference
>>> identity was, but one step at a time).
>>>
>>
>> The managed CPEs are hardened devices capable of running network security
>> services. Security vendors have been offering security services on CPEs for
>> several years, deploying them on millions of devices to secure Home
>> networks, SOHO and SMB. For example, you can refer to
>> https://www.mcafee.com/support/?locale=en-US&articleId=TS102712&page=shell&shell=article-view for
>> details and such solutions are deployed by ISPs.
>>
>
> Yes, I'm aware this configuration is widely deployed. That doesn't make it
> a good idea.
>

Why is it not a good idea to run encrypted DNS forwarder on a hardened CPE ?

-Tiru


>
>

> -Ekr
>
>
>>
>> Cheers,
>> -Tiru
>>
>>
>>>
>>> Finally, Michael Richardson writes:
>>>
>>> > I want to remind people, particularly those who have spoken against the
>>> > document that **Adoption does not mean publication**.
>>>
>>> This may in fact be formally true, but as a practical matter
>>> documents acquire inertia once they have been adopted. So,
>>> while it's reasonable to adopt a document in an imperfect
>>> state under the assumption that those imperfections will
>>> be corrected prior to publication, if the objection is that
>>> the document is conceptually flawed, then the right answer
>>> is not to adopt it at all.
>>>
>>> -Ekr
>>>
>>>
>>>
>>>
>>> On Mon, Dec 11, 2023 at 2:09 PM Martin Thomson <mt@lowentropy.net>
>>> wrote:
>>>
>>>> I don't see this as ready for adoption.  I have a lot of questions that
>>>> the document doesn't answer.
>>>>
>>>> Why is this on the standards track?  It's just say "you could do X",
>>>> where X is a standards-track document.  Informational is sufficient.
>>>>
>>>> Given the relative levels of DC adoption, I'm not sure that this is
>>>> going to make this deployment model much more accessible, but if OS vendors
>>>> are on board, perhaps we'll see this change.
>>>>
>>>> The deployment model for this is pretty narrow, given that DC is
>>>> essentially a license to impersonate.  The idea of "managed" devices makes
>>>> it plausible at least, but the use of specifically-delegated names is
>>>> essential.  That means that the central DNS is obligated to support ACME so
>>>> that it can obtain a bunch of certificates.  (That doesn't mean STAR.
>>>> Regular ACME would suffice; see below.)
>>>>
>>>> The tlsdelegation SvcParam makes no sense to me.  If the client has
>>>> configuration sufficient to authenticate, that can include whatever
>>>> information it needs to find the right endpoint to ask for a delegation.
>>>>
>>>> There is no delegation protocol defined.  Is it the case that this is
>>>> intended to be proprietary in the same way that authentication is?
>>>>
>>>> I don't agree with the premise that ACME doesn't work for the CPE.
>>>> That would be a simpler overall system.  It doesn't need to be STAR.  The
>>>> CPE has some means of obtaining a name from its management system.  Then it
>>>> uses ACME.  Maybe it uses the management system to support the challenge
>>>> (for the emplacement of DNS records, say).  Maybe this part of the protocol
>>>> is standardized, maybe not.
>>>>
>>>> Cheers,
>>>> Martin
>>>>
>>>> On Sat, Dec 9, 2023, at 14:09, IETF Secretariat wrote:
>>>> > The ADD WG has placed draft-reddy-add-delegated-credentials in state
>>>> > Call For Adoption By WG Issued (entered by Glenn Deen)
>>>> >
>>>> > The document is available at
>>>> >
>>>> https://datatracker.ietf.org/doc/draft-reddy-add-delegated-credentials/
>>>> >
>>>> > Comment:
>>>> > WG Adoption call will run until December 15 2023
>>>> >
>>>> > --
>>>> > Add mailing list
>>>> > Add@ietf.org
>>>> > https://www.ietf.org/mailman/listinfo/add
>>>>
>>>> --
>>>> Add mailing list
>>>> Add@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/add
>>>>
>>> --
>>> Add mailing list
>>> Add@ietf.org
>>> https://www.ietf.org/mailman/listinfo/add
>>>
>>

v2.23.0 | Report a Bug | By Email