IETF Logo Mail Archive

Re: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers

Eric Rescorla <ekr@rtfm.com> Tue, 30 June 2020 12:58 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 246083A07E0 for <add@ietfa.amsl.com>; Tue, 30 Jun 2020 05:58:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Y6TlWHF-hcH6 for <add@ietfa.amsl.com>; Tue, 30 Jun 2020 05:58:40 -0700 (PDT)
Received: from mail-lf1-x136.google.com (mail-lf1-x136.google.com [IPv6:2a00:1450:4864:20::136]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2C3523A07D7 for <add@ietf.org>; Tue, 30 Jun 2020 05:58:40 -0700 (PDT)
Received: by mail-lf1-x136.google.com with SMTP id k15so11283386lfc.4 for <add@ietf.org>; Tue, 30 Jun 2020 05:58:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=VS9FSvGxPbqrBJlv2CrFRh4YE6QpTM62AASYi4X+Aw4=; b=gPGC5aIJP3jemRWdqjSeCuZJF3d6Ii6l9OIjodI1sxHDIUufu699NZF1GgDvndFDiz HVFhJQJo9/WtKoT9i3V0V4CbtxUoaww27Gixqdr+cXZJzshgkCCa6ABaX7pzKo47/euu C7+6csbhC/LQ3IIm4OcV9j1muo7F0Btjb6Zq1jJTgiq4S6Yzq56xmR6e5dD4714DW37X ryi3zRwctMKMBNYxtLXbyXzRZBxsMcqPP2Ro3pz+T8fCZEfTJSTPG2qL69fOqUxHU9+L VSM2CY3MYtxxiap6DHk/s3brkzQ3+6smFwa0ApvHZ6vWSIfBxD9QrNvacOn4QbJL1hNZ srsA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=VS9FSvGxPbqrBJlv2CrFRh4YE6QpTM62AASYi4X+Aw4=; b=o9hFY15PdFH4OnlMRhk8HsVreqMB9WtoNzuz10hk2GlCdjZElr6A3SELllOMxKjFa3 bKKDhjq+QX+1rGMDcPy8EsK+J1X21D2kfINf8IMQnVELA6CXauTklzU0elgQ39O63cIf 5KPwAQRSZq6TzWrc4+R8JFCXf//P+tVMsN/ThjGrXuHjJ9oU4M/N/yp+Wi42ikHZdUO4 SQS+FmedGLLkjwjJS86iwjBzGOCMjZTtktEmdsAXJ/vn29NNASE8b4XsglirqbSp15Z4 2YUEAxUGdVLKTb3+9JBxnV0HF7vG+lqKgsljy3dJBSiqcixQD2x0sXjjfOaabNE6RniA Tjeg==
X-Gm-Message-State: AOAM530jPzkQgI/UJZGe9skpz70EtJRhX6BwNdOUcBCzevEnRU3JAK9H WSbtN0ATnK/f0vbtdq5xwtnp2Yh3U7uyDgs8RuEGdm2pPJM=
X-Google-Smtp-Source: ABdhPJzTSq3r2b7g9upDX7qRWo4AARqANkSur7YdLNyGSOlZAbaMEA2y1HN4Hzi3wXd2tuJLXv+5GdhpRN2AXM9OZOg=
X-Received: by 2002:ac2:5f04:: with SMTP id 4mr11809995lfq.140.1593521918174; Tue, 30 Jun 2020 05:58:38 -0700 (PDT)
MIME-Version: 1.0
References: <CABcZeBPTkWeB40wpTowKvEJ-gXA3AL2e-BE+C_FC7Js7-D0DZQ@mail.gmail.com> <bd78f54e-038d-9cff-b6a8-c9c6323ed5f5@redbarn.org> <668384b7-90f5-4ff1-b9e2-d0257aee731d@www.fastmail.com> <3421779.8U4dVgcHlH@linux-9daj>
In-Reply-To: <3421779.8U4dVgcHlH@linux-9daj>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 30 Jun 2020 05:58:01 -0700
Message-ID: <CABcZeBP8okFjJZk6+PYnTRqDi+KW+=4eT9niRZKkQ00THgL81g@mail.gmail.com>
To: Paul Vixie <paul@redbarn.org>
Cc: ADD Mailing list <add@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000dff9fb05a94cbbad"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/cZkbO9r__dGRW9uTSlNC3C8oGq0>
Subject: Re: [Add] [Ext] Draft Posting: CNAME Discovery of Local DoH Resolvers
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Jun 2020 12:58:43 -0000

On Tue, Jun 30, 2020 at 2:19 AM Paul Vixie <paul@redbarn.org> wrote:

> On Tuesday, 30 June 2020 09:07:43 UTC Martin Thomson wrote:
> > Hi Paul,
> >
> > On Tue, Jun 30, 2020, at 17:51, Paul Vixie wrote:
> > > Eric Rescorla wrote on 2020-06-29 20:08:
> > > > On Mon, Jun 29, 2020 at 8:05 PM Daniel Migault <mglt.ietf@gmail.com
> > > >
> > > > <mailto:mglt.ietf@gmail.com>> wrote:
> > > >     If the lookup takes as input the IP addresses or something
> provided
> > > >     by the ISP (like the local resolver IP address), the resulting
> chain
> > > >     is likely to be from the ISP. DNSSEC is needed to assert it.
> > > >
> > > > Why do you assume that the IP is delivered securely?
> > >
> > > because dnssec allows me to verify end-to-end authenticity of
> > > name/address bindings (and other dns content.)
> >
> > DNSSEC allows you to be sure of the veracity of what comes from DNSSEC,
> but
> > in this case the IP address didn't come from DNSSEC.  It's not DNS
> content.
>
> i have badly misunderstood.
>
> the way i know that the ip address provided by the isp was delivered
> securely
> today is because off-net DHCP forgery is hard,


Let's start here:
I agree that off-net DHCP forgery is hard. However, once you assume that
you are off-path, then Do53 interception is *also* hard. So for this to be
useful you need an environment in which the attacker is able to attack Do53
but *not* to attack DHCP. What I'm asking for is for someone to define that
threat model precisely so that we can design protocols that match it.


moving on, what i'd love to have is SDNCP rather than DHCP. S=secure,
> N=network. because i want to know i'm getting what the operator of the
> network
> wants me to get, and because there are other parameters besides RDNS that
> i
> care about, such as whether there's a mandatory HTTPS or HTTP/3 proxy i
> will
> have to talk to. because, IoT. if DHCP isn't useful because it's not
> secure,
> we should stop using it. but before we could do that, we'd have to meet
> its
> functionality in another way.
>

> i realize that i've identified an unmarketable general case which has got
> to
> sound like i want to boil the ocean, or boil frogs, or something. but i
> figure
> if i don't say something, then after we've consensed around a secure RDNS
> discovery protocol, and somebody says what about all these other
> parameters
> that also have to be set by the network operator and have to be
> authenticated,
> we won't know how we got there.
>
> i'd like setting up an IoT device to be like bluetooth pairing, only,
> secure.
> like, enter a four-digit PIN or something. getting secure RDNS
> configuration
> should be like that. right now it's a welcome letter printed by my ISP,
> and
> that seems outdated.
>

This all sounds great. And when it was available, we could also use it to
indicate which Do[HT] server you ought to use.

The question I am addressing is what we ought to do in the interim.

-Ekr


> --
> Paul
>
>
> --
> Add mailing list
> Add@ietf.org
> https://www.ietf.org/mailman/listinfo/add
>

v2.23.0 | Report a Bug | By Email