Re: [dns-privacy] Issues with encoding keys in nameserver DNS names
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 14 December 2018 22:45 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BB8A131357 for <dns-privacy@ietfa.amsl.com>; Fri, 14 Dec 2018 14:45:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.19
X-Spam-Level:
X-Spam-Status: No, score=-4.19 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_SPF_PERMERROR=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Bo3ECGZxlcR for <dns-privacy@ietfa.amsl.com>; Fri, 14 Dec 2018 14:45:42 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 28B1613138D for <dns-privacy@ietf.org>; Fri, 14 Dec 2018 14:45:42 -0800 (PST)
Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 0D051F99E; Fri, 14 Dec 2018 17:45:39 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 57AE5205FC; Fri, 14 Dec 2018 17:26:28 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: "A. Schulze" <sca@andreasschulze.de>, dns-privacy@ietf.org
In-Reply-To: <f11b7502-4ba0-ebd4-eaae-f12eca788297@andreasschulze.de>
References: <20181211053806.GB11647@jurassic.lan.banu.com> <f11b7502-4ba0-ebd4-eaae-f12eca788297@andreasschulze.de>
Date: Fri, 14 Dec 2018 17:26:24 -0500
Message-ID: <877egb3fu7.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/29JyhbSoI3Y2pEeuuiw5moItjxQ>
Subject: Re: [dns-privacy] Issues with encoding keys in nameserver DNS names
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 14 Dec 2018 22:45:45 -0000
On Fri 2018-12-14 19:12:41 +0100, A. Schulze wrote: > Am 11.12.18 um 06:38 schrieb Mukund Sivaraman: >> There was some discussion in last night's meeting about encoding keys in >> the DNS name of a nameserver, similar to DNSCurve. There are at least >> some issues with it: >> 1...4 > > 5. Encoding a key as DNS name of a nameserver makes key rotation harder. > Not impossible, but really much harder. i agree that it makes it harder, but i'm not convinced that it is *much* harder. Pretty much all TLS stacks today will let you associate different keys/certificates with different server names, so as long as resolvers send SNI to their resolvers (should we MUST that?) then it works like this: As an authoritative server operator, for rotation, you'd: * create a new key * create a certificate for it (or just use TLS raw public key) * tell the TLS frontend to use both certificates/names * add a new NS record * remove the old NS record * once its TTL has expired, remove the old certificate/name if you're serving many zones from a single authoritative server, it would require you to update the NS records for all zones, though -- that is maybe more of a challenge (especially if they all use different registrars and you're trying to update glue) than the above process, which is fairly well-defined. But maybe it's worth reviewing what we're hoping to gain from the keys-in-names approach too: a) indication that private queries are expected to work to this particular resolver b) cryptographic identity material If we care about both (a) and (b), then keys-in-names makes sense (though it has the friction for rotation that you describe). But what if we cared only about (a) ? could we signal with a special/magic terminal label just that private queries are expected to work, without embedding a key there? then we could rely on "the usual mechanisms" (the CA system, DANE) to address the authenticity problem, rather than an embedded key. For example, maybe the terminal label of your NS record could be "yes-it-does-dot" :) @ 1D IN NS yes-it-does-dot.a.ns.example.net. @ 1D IN NS yes-it-does-dot.b.ns.example.net. what do folks think about the tradeoffs there? --dkg
- [dns-privacy] Issues with encoding keys in namese… Mukund Sivaraman
- Re: [dns-privacy] Issues with encoding keys in na… Daniel Kahn Gillmor
- Re: [dns-privacy] Issues with encoding keys in na… Mukund Sivaraman
- Re: [dns-privacy] [Ext] Issues with encoding keys… Paul Hoffman
- Re: [dns-privacy] Issues with encoding keys in na… Daniel Kahn Gillmor
- Re: [dns-privacy] [Ext] Issues with encoding keys… Mukund Sivaraman
- Re: [dns-privacy] Issues with encoding keys in na… Mukund Sivaraman
- Re: [dns-privacy] Issues with encoding keys in na… Daniel Kahn Gillmor
- Re: [dns-privacy] Issues with encoding keys in na… manu tman
- Re: [dns-privacy] Issues with encoding keys in na… A. Schulze
- Re: [dns-privacy] [Ext] Issues with encoding keys… Paul Hoffman
- Re: [dns-privacy] Issues with encoding keys in na… Daniel Kahn Gillmor
- Re: [dns-privacy] Issues with encoding keys in na… Tony Finch