IETF Logo Mail Archive

Re: [Add] The ADD WG has placed draft-reddy-add-delegated-credentials in state "Call For Adoption By WG Issued"

Eric Rescorla <ekr@rtfm.com> Tue, 16 January 2024 15:00 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D3F13C31A616 for <add@ietfa.amsl.com>; Tue, 16 Jan 2024 07:00:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20230601.gappssmtp.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7SWYJNFE0SpI for <add@ietfa.amsl.com>; Tue, 16 Jan 2024 07:00:33 -0800 (PST)
Received: from mail-yw1-x112d.google.com (mail-yw1-x112d.google.com [IPv6:2607:f8b0:4864:20::112d]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8B96C5AA3B8 for <add@ietf.org>; Tue, 16 Jan 2024 06:32:44 -0800 (PST)
Received: by mail-yw1-x112d.google.com with SMTP id 00721157ae682-5f70c085d64so82322337b3.1 for <add@ietf.org>; Tue, 16 Jan 2024 06:32:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20230601.gappssmtp.com; s=20230601; t=1705415564; x=1706020364; darn=ietf.org; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=2E59r5rYXuRSAK9CEBMuUfJALqOgnULizxPJPL1IyrE=; b=ahu3uhMrv+Nm8Oyu1RzW2G/EUdVZTJEZR1jP1UedOK3HEfgKRNa2m57EwniGdDkyoM pmAiq3g5di0Ydn3HpP4u2V6EC4tjLeksMdBi39SDeEkU8Dz+IC7zJomiuIVr7Yk0Y9fa 78HDAh+DcVo8Iv+HHGrDo0ZHYxsxXUypZ44EFPB9+2AD8QVr9MzaxAeW0i737E4hbEUf HUbZ4BHOTjY4hBnepi1xjx+vGhZtr9lpbbvHfwjmLYjjXiHM8TErNzMS0DLE9EZa3C/v Fcgk7fhJkeAmj1Jo0gUimmxs+1bRzPjoEHcTvZ39Ro3sPZb49kgZQk7IJ+BULuUHE+6d rzxA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1705415564; x=1706020364; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=2E59r5rYXuRSAK9CEBMuUfJALqOgnULizxPJPL1IyrE=; b=jYmchnwVVVanZw8JPmoW7WwJW+vWtGCn/ToSD1tje3BGUunWU32vrLSXxdvU/NAdSa WB5g9UD2Aanoqe4gvuQ8H6vU3aZ7rtU6U0L4QP6gRTAPPsvQkvmDsZQgt6870JICkNai v0UFvqrEeZVwtePvYdbRJDuCk2NmZh9+khTCzspo5RLYXnDkZK+iYPCXe7lPNFZHxL+u 6qikbnQgftB5ExDa967UGmr5iiIMZSrJMD9Y3tRZSmX5KjFVgV24S+bWABqKT/Y3Z1W3 1z4M9AIKhmD1uH67fVCAD9vN36PeXS2Mz5wGCSasbrZgMECGjVQHiAXpspr9/QR1Xd3N bV9w==
X-Gm-Message-State: AOJu0Yy+ggVyuACAnFw8HrJtuXe2i9NWN0hJROSrAQ0N3DTebMpuW28p IMrOjc1mUNGbX5Fz7RUtF5D6Gl5kMhUpCAxFB0T9w8lyAmO9NG7y2XOioy/Q
X-Google-Smtp-Source: AGHT+IEBUWbncEEPN7xqPzkU/AFqH17vtKZ7Z1APt0wWzncmGparCXMLLVsV2Xk4Y05MuT8lwZ35MtI0DdWKI9VTwPM=
X-Received: by 2002:a05:6902:1408:b0:dbd:4c4d:240d with SMTP id z8-20020a056902140800b00dbd4c4d240dmr4475221ybu.59.1705415563771; Tue, 16 Jan 2024 06:32:43 -0800 (PST)
MIME-Version: 1.0
References: <170209137178.9672.6804848432978591716@ietfa.amsl.com> <3b9fa8a5-02e7-408a-8dae-799f2c4e3a8e@betaapp.fastmail.com> <CABcZeBN7whOrSw+Jn4wxtd35vqmq0O+CoejN+O49MX78X+qFsQ@mail.gmail.com> <CAFpG3geZbLC8swxK_4=GpGsQ-iMJmg=Hq8CqmNgubNbb3P2NEQ@mail.gmail.com>
In-Reply-To: <CAFpG3geZbLC8swxK_4=GpGsQ-iMJmg=Hq8CqmNgubNbb3P2NEQ@mail.gmail.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 16 Jan 2024 06:32:07 -0800
Message-ID: <CABcZeBNTQJCPHTdMxHmmz7MG=zhFY5vfRmpVhbTiKTpJeKAmcg@mail.gmail.com>
To: tirumal reddy <kondtir@gmail.com>
Cc: Martin Thomson <mt@lowentropy.net>, add@ietf.org, draft-reddy-add-delegated-credentials@ietf.org
Content-Type: multipart/alternative; boundary="000000000000df94ca060f11006f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/YZy1zTxqxlIP6P5qZg0aOuZXU7w>
Subject: Re: [Add] The ADD WG has placed draft-reddy-add-delegated-credentials in state "Call For Adoption By WG Issued"
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jan 2024 15:00:35 -0000

On Tue, Jan 16, 2024 at 4:27 AM tirumal reddy <kondtir@gmail.com> wrote:

> Hi Ekr,
>
> Please see inline
>
> On Thu, 28 Dec 2023 at 02:46, Eric Rescorla <ekr@rtfm.com> wrote:
>
>> Document: draft-reddy-add-delegated-credentials-03.txt
>>
>> I agree with Martin Thomson and others that we shouldn't adopt this
>> document at this time. I have several concerns about this specific
>> technical proposal.
>>
>> - I don't find the arguments about why this can't use ordinary WebPKI
>>   certificates persuasive; it certainly seems that there are
>>   challenges with issuing a lot of CPE certificates, but those seem
>>   like they ought to be solvable.
>>
>
> The issuance of a large number of certificates is one of the problems,
> other challenges include the dependency on the CA to issue large number
> certificates in a timely manner and to promptly replace expired
> certificates. We considered other possible solutions, please see
> https://datatracker.ietf.org/doc/html/draft-reddy-add-delegated-credentials-03#section-6
> for details. Such a scale has not been discussed in any other use cases
> like CDNs using STAR certificates.
>
> Yes, I read those sections of the draft, but as I said I didn't find those
arguments persuasive and these issues seem like they ought to be solvable.



>
>> - As far as I can tell, the current design allows an attacker wh
>>   compromises CPE unit 1 to impersonate CPE unit 2, because they have
>>   DCs rooted in the same certificate.
>>
>
> The attacker cannot impersonate CPE unit 2 without knowing the credentials
> used by the endpoints for authenticating to the CPE unit 2.
>

In this situation, the attacker has already compromised the relevant
network.

 Given that there are likely to
>>   be a very large number of each unit, key extraction seems
>>   inevitable. That seems like an undesirable set of security
>>   properties even if the client gets its opinion about which reference
>>   identity to expect from the CPE. It's a more serious problem if
>>   either (1) the client gets its opinion in some other way or (2) the
>>   client behaves differently if DNS is encrypted.
>>
>> Moreover, as Paul Wouters notes, it's not clear what the security
>> benefit of this proposal is. If the local network is secure, then
>> traffic to the CPE will be encrypted anyway, so it's not clear
>> what transport encryption of DNS is doing for us. On the other
>> hand, if the local network is insecure, then the attacker may
>> be able to impersonate the CPE and we are back to the extraction
>> case above.
>>
>
> The necessity of running encrypted DNS forwarders on the CPE is discussed
> in Section 1.2 of the draft. The DNS client is unaware of the security
> protocols employed to encrypt data from the endpoint to the CPE, and it is
> also uncertain whether the DNS server and CPE are co-located or not.
>

>
>>
>> More generally, the point of this design seems to be to preserve
>> the ability to have the CPE as an active participant in DNS
>> resolution, rather than just transiting the traffic. While
>> I appreciate that the CPE is commonly used as a control point
>> as described in S 1.1, this actually seems like not a great
>> practice given the notorious insecurity of home routers; rather,
>> it would be better to have name resolution encrypted directly
>> to the ISP resolver itself (and even better if there were some
>> way for the client to determine what that resolver's reference
>> identity was, but one step at a time).
>>
>
> The managed CPEs are hardened devices capable of running network security
> services. Security vendors have been offering security services on CPEs for
> several years, deploying them on millions of devices to secure Home
> networks, SOHO and SMB. For example, you can refer to
> https://www.mcafee.com/support/?locale=en-US&articleId=TS102712&page=shell&shell=article-view for
> details and such solutions are deployed by ISPs.
>

Yes, I'm aware this configuration is widely deployed. That doesn't make it
a good idea.

-Ekr


>
> Cheers,
> -Tiru
>
>
>>
>> Finally, Michael Richardson writes:
>>
>> > I want to remind people, particularly those who have spoken against the
>> > document that **Adoption does not mean publication**.
>>
>> This may in fact be formally true, but as a practical matter
>> documents acquire inertia once they have been adopted. So,
>> while it's reasonable to adopt a document in an imperfect
>> state under the assumption that those imperfections will
>> be corrected prior to publication, if the objection is that
>> the document is conceptually flawed, then the right answer
>> is not to adopt it at all.
>>
>> -Ekr
>>
>>
>>
>>
>> On Mon, Dec 11, 2023 at 2:09 PM Martin Thomson <mt@lowentropy.net> wrote:
>>
>>> I don't see this as ready for adoption.  I have a lot of questions that
>>> the document doesn't answer.
>>>
>>> Why is this on the standards track?  It's just say "you could do X",
>>> where X is a standards-track document.  Informational is sufficient.
>>>
>>> Given the relative levels of DC adoption, I'm not sure that this is
>>> going to make this deployment model much more accessible, but if OS vendors
>>> are on board, perhaps we'll see this change.
>>>
>>> The deployment model for this is pretty narrow, given that DC is
>>> essentially a license to impersonate.  The idea of "managed" devices makes
>>> it plausible at least, but the use of specifically-delegated names is
>>> essential.  That means that the central DNS is obligated to support ACME so
>>> that it can obtain a bunch of certificates.  (That doesn't mean STAR.
>>> Regular ACME would suffice; see below.)
>>>
>>> The tlsdelegation SvcParam makes no sense to me.  If the client has
>>> configuration sufficient to authenticate, that can include whatever
>>> information it needs to find the right endpoint to ask for a delegation.
>>>
>>> There is no delegation protocol defined.  Is it the case that this is
>>> intended to be proprietary in the same way that authentication is?
>>>
>>> I don't agree with the premise that ACME doesn't work for the CPE.  That
>>> would be a simpler overall system.  It doesn't need to be STAR.  The CPE
>>> has some means of obtaining a name from its management system.  Then it
>>> uses ACME.  Maybe it uses the management system to support the challenge
>>> (for the emplacement of DNS records, say).  Maybe this part of the protocol
>>> is standardized, maybe not.
>>>
>>> Cheers,
>>> Martin
>>>
>>> On Sat, Dec 9, 2023, at 14:09, IETF Secretariat wrote:
>>> > The ADD WG has placed draft-reddy-add-delegated-credentials in state
>>> > Call For Adoption By WG Issued (entered by Glenn Deen)
>>> >
>>> > The document is available at
>>> >
>>> https://datatracker.ietf.org/doc/draft-reddy-add-delegated-credentials/
>>> >
>>> > Comment:
>>> > WG Adoption call will run until December 15 2023
>>> >
>>> > --
>>> > Add mailing list
>>> > Add@ietf.org
>>> > https://www.ietf.org/mailman/listinfo/add
>>>
>>> --
>>> Add mailing list
>>> Add@ietf.org
>>> https://www.ietf.org/mailman/listinfo/add
>>>
>> --
>> Add mailing list
>> Add@ietf.org
>> https://www.ietf.org/mailman/listinfo/add
>>
>

v2.23.0 | Report a Bug | By Email