Re: [dane] Network errors ARE attacks - on the end-to-end-principle

Mark Andrews <marka@isc.org> Wed, 16 May 2012 23:14 UTC

To: Andrew Sullivan <ajs@anvilwalrusden.com>
From: Mark Andrews <marka@isc.org>
Date: Thu, 17 May 2012 09:14:07 +1000
Message-Id: <20120516231408.1B72920ACED7@drugs.dv.isc.org>
Cc: dane@ietf.org
Subject: Re: [dane] Network errors ARE attacks - on the end-to-end-principle

In message <20120516151946.GJ26714@mail.yitter.info>, Andrew Sullivan writes:
> On Tue, May 15, 2012 at 07:13:16PM -0700, John Gilmore wrote:
> 
> > "Genuine network errors" from buggy proxies or intentional firewalls
> > or intentional or accidental censorship systems ARE attacks.  They are
> > attacks on the fundamental end-to-end premise of the Internet.
> 
> But (1) bugs are different from intentional blockage and (2) not all
> of this is strictly speaking buggy.  The fact that some ancient
> gateway can't cope with RRTYPEs it doesn't know is, IMO, a disgrace;
> but they can say (correctly) that they just don't implement that RFC,
> and be quite right.  I would like the market to reject such devices as
> useless, but it hasn't yet.

For the market to reject such devices it needs to be *aware* of such
devices.  When 99.999% of queries are A records the market doesn't
get the feedback it needs to operate.

When you let the faults be seen the buggy software does get removed.
How many load balancers return NXDOMAIN to AAAA queries when there
are A records at the name now?  It used to be a reasonably common
bug.  We let the pain of that bug be visible and the problem is mostly
gone.

I don't know how many times I had to say to a customer reporting a
bug in named because the lookups worked with a different nameserver
that it was because we supported both IPv4 and IPv6 when the other
vendors didn't and that made the remote bug visible.

> > But the end result will be that (1) users will realize they are being
> > censored; (2) providers will clean up the accidental and whim-related
> > censorship; and (3) users will migrate to providers who offer them
> > reliable end-to-end service without interruptions for the provider's
> > convenience or profit.
> 
> I suppose that the above is intended to argue that the market will
> reject such devices as useless.  I think we have a first mover
> principle in the way, however.  These "users" of which you speak would
> need to form a fairly detailed theory of operation of the Internet in
> order to understand what the problem is.  I don't believe that most of
> them will, and I don't think they ought to need to either.  Therefore,
> I would prefer that we build documents that permit useful incremental
> addition of features to the network.
> 
> To drag this back on topic, in light of the above I need to think
> harder about the argument, elsewhere in this thread, that uses 2 and 3
> are also undermined by the no-answer attack, because if that's the
> case then I suspect DANE is undeployable as it stands.
> 
> Best,
> 
> A
> 
> -- 
> Andrew Sullivan
> ajs@anvilwalrusden.com
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org
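
Added example, not part of the original message or of any ISC code: a check for the load-balancer bug mentioned above, where an AAAA query gets NXDOMAIN although A records exist at the same name. The function names and the header-only sample responses are constructed for illustration.

```python
import struct

RCODE_NOERROR, RCODE_NXDOMAIN = 0, 3

def parse_header(msg: bytes):
    """Return (rcode, ancount) from a raw DNS response header (RFC 1035, 4.1.1)."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    return flags & 0x000F, ancount

def classify(a_resp: bytes, aaaa_resp: bytes) -> str:
    """Compare the A and AAAA responses received for the same owner name."""
    a_rcode, a_count = parse_header(a_resp)
    q_rcode, q_count = parse_header(aaaa_resp)
    if a_rcode == RCODE_NXDOMAIN and q_rcode == RCODE_NXDOMAIN:
        return "consistent: name does not exist"
    # NXDOMAIN says the name has no records of any type, so it contradicts
    # a NOERROR answer that carries A records for the same name.
    if a_rcode == RCODE_NOERROR and a_count > 0 and q_rcode == RCODE_NXDOMAIN:
        return "BUG: NXDOMAIN for AAAA although A records exist"
    if q_rcode == RCODE_NOERROR:
        return "ok: AAAA answered" if q_count else "ok: NODATA for AAAA"
    return f"other: A rcode={a_rcode}, AAAA rcode={q_rcode}"

def sample_header(rcode: int, ancount: int) -> bytes:
    """Constructed sample: header only, id 0x1234, QR=1 RD=1 RA=1, one question."""
    return struct.pack("!6H", 0x1234, 0x8180 | rcode, 1, ancount, 0, 0)

if __name__ == "__main__":
    a_ok = sample_header(RCODE_NOERROR, 1)
    for label, aaaa in [("buggy", sample_header(RCODE_NXDOMAIN, 0)),
                        ("correct", sample_header(RCODE_NOERROR, 0))]:
        print(label, "->", classify(a_ok, aaaa))
```
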