Re: [Add] What to do in this potential working group
Brian Dickson <brian.peter.dickson@gmail.com> Wed, 21 August 2019 19:03 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: add@ietfa.amsl.com
Delivered-To: add@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D21B212099B for <add@ietfa.amsl.com>; Wed, 21 Aug 2019 12:03:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jubxpp5AZ5Dj for <add@ietfa.amsl.com>; Wed, 21 Aug 2019 12:03:35 -0700 (PDT)
Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0977B120993 for <add@ietf.org>; Wed, 21 Aug 2019 12:03:35 -0700 (PDT)
Received: by mail-vs1-xe35.google.com with SMTP id m62so2068788vsc.8 for <add@ietf.org>; Wed, 21 Aug 2019 12:03:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3934PqE4R3ak4dag75ItXyrxtasT2CEMrU8VDWIVaQA=; b=ULyoKrKI76T35DDcWcSY3fkIJmx2a2dbxr/INmkuSMfC/Ja2Ckk2+fYTBc2BNPJbAg S0LTfjXU5IpF4XSAOumMGIMRwS1pT+5I3zIXCkIzFp4XzPOfCJmeqbLpudHar4dJ7y9S o1AJtUc0Mco6sg/cGg1tDFBeWZPr+KVWmegni63AtIFGO/UIUjLyeWaFNDi8afq0EweZ 7ifha9Rr4DglnTt52yQyG9hVvEhMhjABhomEhkOpIv4wHGdQOKKe8IAnM/uatpvl0Pz8 VOerk+ZPuRMZMMYIzq1FeAyx1veM5nUe7M2IvqfrXQLbLbsBFdak06U0891y7KxCHkrj esQA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3934PqE4R3ak4dag75ItXyrxtasT2CEMrU8VDWIVaQA=; b=RtrK9Fqdk2NB/DbprLvOXEc/te84T2R8kia0xd6yYpzgVPJF/hW1MOm7Tce2LJcZBt ZhD1Ku+IkNvYZeYmlsUfc2sDpl7LkKATq2EiNOGMD4Yw85SlCalJoGkZo1asQgqmO1mH Knf649ZH1oi40wmHiItJSv3myAONJEyZh5It09lkVewtrkhK+RxKzvG8vpTPsGS4dXRY gpNI8vLmKjC1JmUV37pNE7N5U6xQuQdx6GEnNyUnVUzwKwV3hSfPWpHSUTG6QI99L5UD tAOCKiwZLj9s28Az8pkat7xgCO/29/y7S0SO/wGN7GnY59gAHRr37JiE3J/T/X9OqCum ZqPA==
X-Gm-Message-State: APjAAAV/79vz2nZSK2EyMmQ7MoGDAc3Hw2ztweO/iAzq8G1eMspjvvJD GaTDEAxOnuqgoCrSDiq55ZKhnQlkqhDWrG6eXTs=
X-Google-Smtp-Source: APXvYqzGA9T1iJ61rwmOXXby7y/Y+tGoxZ4GrfpLDYlKpD39wqzgmINCB4nLLfeVZ6K3o3d7Tf3lJNxYyM7FnCNgxuQ=
X-Received: by 2002:a67:f043:: with SMTP id q3mr21208161vsm.219.1566414213851; Wed, 21 Aug 2019 12:03:33 -0700 (PDT)
MIME-Version: 1.0
References: <A1128702-1E19-4657-9740-E84AE09992F2@piuha.net> <CABcZeBMfOTjq-8hDDoKMtJvfHUA5nC8o60zuk-2Xe-ZhfwriJQ@mail.gmail.com> <766112E1-F532-4C6B-8CA8-A096671E02EE@piuha.net> <CA+9kkMAfuOwJu8_qJTuhAY4mUwR+tVUxr+k3QFHBk3byV672Ow@mail.gmail.com> <A7EA862E-8E80-40E3-834D-E628988C0A24@virtualized.org> <CAFWeb9KT=2JL0oHUgJ2WMcduR3na+hP2QncvRR4YurmqsAWxTA@mail.gmail.com> <59E0EC53-0E30-431C-8376-52C7BFC121A8@virtualized.org>
In-Reply-To: <59E0EC53-0E30-431C-8376-52C7BFC121A8@virtualized.org>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Wed, 21 Aug 2019 15:03:08 -0400
Message-ID: <CAH1iCiqp0YuQ=duqfpwFXcaK_Ar2PW9od-gvRKSxafj=tnP4Gg@mail.gmail.com>
To: David Conrad <drc@virtualized.org>
Cc: Alec Muffett <alec.muffett@gmail.com>, ADD Mailing list <add@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c9afc30590a53a58"
Archived-At: <https://mailarchive.ietf.org/arch/msg/add/n1nP3EWnavdsCwgjMCx3DyzOirM>
Subject: Re: [Add] What to do in this potential working group
X-BeenThere: add@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Applications Doing DNS <add.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/add>, <mailto:add-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/add/>
List-Post: <mailto:add@ietf.org>
List-Help: <mailto:add-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/add>, <mailto:add-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 21 Aug 2019 19:03:37 -0000
On Wed, Aug 21, 2019 at 2:17 PM David Conrad <drc@virtualized.org> wrote: > Alec, > > On Aug 21, 2019, at 11:06 AM, Alec Muffett <alec.muffett@gmail.com> wrote: > > On Wed, 21 Aug 2019, 18:59 David Conrad, <drc@virtualized.org> wrote: > >> The only way to truly ensure a trustworthy answer is to protect the >> actual answer. Which is what DNSSEC does. >> > Fortunately we do not have to wait for DNSSEC in order to get answers from > the people from whom we wish them supplied, privately and untampered-with, > which is the whole point of DNS over HTTPS. > > > As mentioned, this is not the traditional answer for what is “trustworthy” > when it comes to DNS data: instead of trusting the zone owner (more > specifically, the holder to the zone signing key), you are trusting the > resolver operator. > > The data is ONLY private between the end user and the resolver operator. > It is NOT private to the resolver operator (something people have been > repeatedly pointing out) nor is it private between the resolver operator > and the authorities. > > Further, you cannot ensure to the end user that the “trusted” resolver > operator has not tampered with the data, be it due to court order, internal > attack, software bugs, etc. > It is probably useful to highlight the impact of "local policy", especially with respect to trust anchors. For example, it might be the case that a given resolver operator has been compelled to install (and use) some additional trust anchor(s). Under that resolver operator's local policy, it is possible that the validity of a given DNS answer from an authority, only due the use of an additional trust anchor. In that circumstance, a validating stub would actually determine that the DNS answer it received from that resolver is BOGUS. The resolver operator might not be directly involved in modification of the DNS answer and signatures. For example, there could be a state actor in the same jurisdiction as the operator and the respective court. The additional trust anchor presumably would have been used by the state actor for signing the substituted data. (This would be analogous to the root CA thing being used for TLS MITM ongoing somewhere.) Since a resolver operator's data is mostly cached, and cached based on DNSSEC validity if they validate, such state actions scale extremely well. This is a significant reason that DNSSEC was designed from the ground up for client (stub) validation: trust, but verify. Note: Having multiple resolver operators to choose from helps this situation, but ONLY if the stub does local validation, and if the jurisdictions for those operators was different. The stub treats the invalid data as a failure, and uses the other provider. This only occurs if the failure to validate is detected by the stub, by local validation. NB: recursive-to-authoritative is not encrypted, and on-path attackers can modify the data. DNSSEC enables detection of this tampering via validation on signed data, modulo the trust anchor(s) in use. Brian > > Again, DNS over HTTPS protects the data channel. It does NOT protect the > data. > > Regards, > -drc > >
- [Add] What to do in this potential working group Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Orth
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Jim Reid
- Re: [Add] What to do in this potential working gr… Vittorio Bertola
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Vyncke (evyncke)
- Re: [Add] What to do in this potential working gr… Ted Lemon
- Re: [Add] What to do in this potential working gr… Jim Reid
- Re: [Add] What to do in this potential working gr… Ted Lemon
- Re: [Add] What to do in this potential working gr… Tommy Jensen
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ray Bellis
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ray Bellis
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Brian Dickson
- Re: [Add] What to do in this potential working gr… Brian Dickson
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… Adam Roach
- Re: [Add] What to do in this potential working gr… Ted Hardie
- Re: [Add] What to do in this potential working gr… David Conrad
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Alec Muffett
- Re: [Add] What to do in this potential working gr… David Conrad
- [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] data integrity and DNSSEC or DoH/DoT Stephen Farrell
- Re: [Add] data integrity and DNSSEC or DoH/DoT David Conrad
- Re: [Add] data integrity and DNSSEC or DoH/DoT Rob Sayre
- Re: [Add] data integrity and DNSSEC or DoH/DoT Stephen Farrell
- Re: [Add] Unstated assumptions in What to do in t… John Levine
- Re: [Add] data integrity and DNSSEC or DoH/DoT Brian Dickson
- Re: [Add] What to do in this potential working gr… Patrik Fältström
- Re: [Add] What to do in this potential working gr… Patrik Fältström
- Re: [Add] What to do in this potential working gr… Rob Sayre
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Martin Thomson
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] What to do in this potential working gr… Daniel Stenberg
- Re: [Add] What to do in this potential working gr… Jari Arkko
- Re: [Add] data integrity and DNSSEC or DoH/DoT Stephen Farrell
- Re: [Add] What to do in this potential working gr… Ray Bellis
- Re: [Add] What to do in this potential working gr… Martin J. Dürst
- Re: [Add] What to do in this potential working gr… Stephen Farrell
- Re: [Add] What to do in this potential working gr… Vittorio Bertola
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] What to do in this potential working gr… Ralf Weber
- Re: [Add] data integrity and DNSSEC or DoH/DoT Ralf Weber
- Re: [Add] data integrity and DNSSEC or DoH/DoT Willem Toorop
- Re: [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] What to do in this potential working gr… Rubens Kuhl
- Re: [Add] data integrity and DNSSEC or DoH/DoT Paul Wouters
- Re: [Add] What to do in this potential working gr… Paul Wouters
- Re: [Add] data integrity and DNSSEC or DoH/DoT Livingood, Jason
- Re: [Add] What to do in this potential working gr… Livingood, Jason
- Re: [Add] What to do in this potential working gr… Livingood, Jason
- Re: [Add] What to do in this potential working gr… Livingood, Jason
- Re: [Add] What to do in this potential working gr… Adam Roach
- Re: [Add] What to do in this potential working gr… Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Rob Sayre
- Re: [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] What to do in this potential working gr… Vittorio Bertola
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Brian Dickson
- Re: [Add] data integrity and DNSSEC or DoH/DoT Jim Reid
- Re: [Add] data integrity and DNSSEC or DoH/DoT Eric Rescorla
- Re: [Add] data integrity and DNSSEC or DoH/DoT Neil Cook
- Re: [Add] data integrity and DNSSEC or DoH/DoT Neil Cook
- Re: [Add] data integrity and DNSSEC or DoH/DoT Neil Cook
- Re: [Add] data integrity and DNSSEC or DoH/DoT Paul Wouters
- Re: [Add] data integrity and DNSSEC or DoH/DoT Christian Huitema
- Re: [Add] data integrity and DNSSEC or DoH/DoT Christian Huitema
- Re: [Add] data integrity and DNSSEC or DoH/DoT Brian Dickson
- Re: [Add] data integrity and DNSSEC or DoH/DoT Andrew Campling
- Re: [Add] data integrity and DNSSEC or DoH/DoT Vittorio Bertola
- Re: [Add] data integrity and DNSSEC or DoH/DoT Paul Wouters
- Re: [Add] data integrity and DNSSEC or DoH/DoT Vittorio Bertola
- Re: [Add] data integrity and DNSSEC or DoH/DoT Alec Muffett
- Re: [Add] data integrity and DNSSEC or DoH/DoT Alec Muffett