IETF Logo Mail Archive

Re: [dns-privacy] Adam Roach's No Objection on draft-ietf-dprive-bcp-op-08: (with COMMENT)

Brian Dickson <brian.peter.dickson@gmail.com> Thu, 06 February 2020 05:55 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1FD26120120; Wed, 5 Feb 2020 21:55:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.754
X-Spam-Level:
X-Spam-Status: No, score=-0.754 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, NUMERIC_HTTP_ADDR=1.242, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2vnGSXkFFqE4; Wed, 5 Feb 2020 21:55:22 -0800 (PST)
Received: from mail-vk1-xa31.google.com (mail-vk1-xa31.google.com [IPv6:2607:f8b0:4864:20::a31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D933F12001A; Wed, 5 Feb 2020 21:55:21 -0800 (PST)
Received: by mail-vk1-xa31.google.com with SMTP id w67so1297540vkf.1; Wed, 05 Feb 2020 21:55:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ERC4+0hHIVMu6P7+Je1GOUe/AcBICdGZSiLWGtS9xZ8=; b=tPHQ2zWIXMqGsItSsZW/UZfS6s6OUuxI7u9OqkrTxq6Xi9W6wFjGTbdT4iup/A0Gf7 Lyb3KDlNBe++boEsKZqUc9KUJdz5LeC6xhH+oM5w0CaMDBZxY7yGTNqOB8ZoDBjWKl/8 fhnLvTJN2cjVCx533KFFh6BHdECGZmqSzLLgMlpMX47aFfIHZPvkeEMcHn5WwYuqWdBm 8YsnschT0vzaZju/BNF93iquRQ/twsAkSluPq4VppQ13Md271icNCWNfMZ6GiFxb3PGD k0NZp9+SygQR4OCxcDPPcOny0SO1KMYzfRQRgLiAuuToeO9o2CtUkSI7Jf9UoMbjlmIU HOQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ERC4+0hHIVMu6P7+Je1GOUe/AcBICdGZSiLWGtS9xZ8=; b=TYk3FjdepCT//kLkY4zpSCMV9ptQd7Jav2citSkmlKpYiZDHzE6CYyS2jeZm49xrOq a0tNPzWfPqU48G+j/ObUu8z6U+MspS/+OCtEBeZBIlsfOIJjE5pYxDQJZ8eakR54S2Jz IO8SxpCOY6mZ90PXGwyZz52APbG0CIa4wBz7DUArJcCuZPSqXkFpdva8GBkkcfY8Hj+n Nkg75GsZTm90gaxu5p1ZsM483ir9+rYH3BZPkLEJzb11d7BUJOGDamIrBggivEiBRzO2 w/c4SGfNfAmXrK9YZJyhUuGrtushzcgx6mNOCUzDBcBeDLOIxnUdjxjUlmMzS5FcduLi jeEQ==
X-Gm-Message-State: APjAAAVIgkVI4OAa1GYWjyzQBjtLPEr8nLt1coPmdHxlYGbiRZNsBIY6 CS5WVb6S5OGx4jN4593iEA9K1pLFS77cnp+JXTg=
X-Google-Smtp-Source: APXvYqxYfdMtD5wCjaEuGKI6yXLt0LH7kVXmuMYZt61O5SKXNbmMyluxR4Ls+iRDe9pVukZwIYQQ1i+vY2Jill51cYs=
X-Received: by 2002:a1f:328a:: with SMTP id y132mr943070vky.60.1580968520883; Wed, 05 Feb 2020 21:55:20 -0800 (PST)
MIME-Version: 1.0
References: <158096547226.30514.2103023305468871108.idtracker@ietfa.amsl.com>
In-Reply-To: <158096547226.30514.2103023305468871108.idtracker@ietfa.amsl.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Wed, 05 Feb 2020 21:55:09 -0800
Message-ID: <CAH1iCiqLwP8UOJe_vWQAr7iu8j7LF2Y4+386XNimM+3wJ-2RzQ@mail.gmail.com>
To: Adam Roach <adam@nostrum.com>
Cc: The IESG <iesg@ietf.org>, Tim Wicinski <tjw.ietf@gmail.com>, draft-ietf-dprive-bcp-op@ietf.org, dns-privacy@ietf.org, dprive-chairs@ietf.org
Content-Type: multipart/alternative; boundary="00000000000016a441059de1ebfa"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/4W24bbIMw5MLhObhbQU7NrpGvSk>
Subject: Re: [dns-privacy] Adam Roach's No Objection on draft-ietf-dprive-bcp-op-08: (with COMMENT)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2020 05:55:26 -0000

On Wed, Feb 5, 2020 at 9:04 PM Adam Roach via Datatracker <noreply@ietf.org>
wrote:

> Adam Roach has entered the following ballot position for
> draft-ietf-dprive-bcp-op-08: No Objection
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-dprive-bcp-op/
>
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thanks to the document authors, as well as everyone else who
> contributed to this document for all the work that went into
> its creation.  I have a handful of editorial suggestions that
> you may wish to take into account prior to publication. (I also
> have one request and one question in the list below.)
>
> I also support the first point of Alissa's discuss, and have
> elided several comments about Section 5.1.7 from my review
> below with the expectation that it will be removed.
>
> ---------------------------------------------------------------------------
>
> §1:
>
> >  Community insight [or judgment?] about operational practices can
> >  change quickly, and experience shows that a Best Current Practice
> >  (BCP) document about privacy and security is a point-in-time
> >  statement.  Readers are advised to seek out any errata or updates
> >  that apply to this document.
>
> RFC Errata are intended only to correct documents to reflect what
> the community believed they should have said at the time of publication
> (e.g., typographic errors, omissions in state machines), and not to
> provide updates to reflect later thinking. Please remove "errata or"
> from this sentence.
>
> ---------------------------------------------------------------------------
>
> §5.1.1:
>
> >  o  DNS-over-TLS [RFC7858] and [RFC8310].
> >
> >  o  DoH [RFC8484].
>
> Nit: For the sake of consistency, I would recommend either contracting
> both of these (e.g., "DoT" and "DoH"), or expanding them both.
>
> This same comment applies to the prose in section 5.1.2, as well
> as the titles of 5.1.3.1 and 5.1.3.2.
>
> ---------------------------------------------------------------------------
>
> §5.1.2.1:
>
> >  o  Mis-identification of a server by a client e.g. typos in URLs or
> >     authentication domain names [RFC8310].
>
> It's a bit unclear which kind of URLs this is referring to. Based on the
> proposed mitigation, I suspect it's talking about the use of URLs to
> configure a DNS server? Consider clarifying the URL's purpose in this
> text.
>
> ---------------------------------------------------------------------------
>
> §5.1.3.2:
>
> The use of EDNS(0) padding is conspicuous by its absence from this
> section. Is this intentional?
>
> ---------------------------------------------------------------------------
>
> §5.1.4:
>
> >  DNS Privacy Threats:
> >
> >  o  Users may be directed to bogus IP addresses for e.g. websites
> >     where they might reveal personal information to attackers.
>
> You might want to consider a different example than websites here. 80% of
> worldwide website traffic is secured by HTTPS, which means than any such
> attempts will be prevented by WebPKI certificate mismatches.
>
>
This argument ("any such attempts...") is flawed. (Apologies for the
directness; this is factual stuff.)

Here's why.

HTTPS certificate validation is based on the assumption that the client
connects to the actual IP of the server (aka "the real server").
The real server presents the certificate, and the TLS handshake proves that
the server possesses the private key of the certificate.

Loss of control of the private key is an issue ONLY if an attacker is able
to direct a client to an IP under control of the attacker.

The DNS component of WebPKI certificate validation is critical; it goes
"FQDN" -> DNS -> IP -> (TLS connection with SNI, get cert, validate cert
via handshake).
You can't connect to some random IP that hands you the cert you ask for,
you have to know you are contacting the legitimate web site first (via the
DNS to IP bits).

The issue isn't actually WebPKI *mismatches*, so much as it is about the
non-possession of the private key for the *real* certificate (or issuance
of another certificate matching the name).

If an attacker is able to obtain the private key, there is no difficulty in
obtaining the certificate itself (indeed, the real server serves it up, as
required by TLS).

The only roadblock to an attacker using a certificate after a private key
is obtained, is DNS.

Only DNSSEC can protect against cache poisoning attacks, by which an
attacker can direct clients to the IP under control of the attacker, and
succeed in impersonating the legitimate web site, which could be used to
elicit personal information from unwary users.
(Cache poisoning attacks aren't completely trivial, but they are many
orders of magnitude more feasible than brute strength attacks against
DNSSEC or WebPKI keys.)

So, the argument fails because it is reduced to the claim that "private
keys can't be obtained by attackers" (which cannot be guaranteed, clearly.)

Maybe some language that explains how/why the risk exists would help
clarify the threat?

Brian




> Notably, this means that the mitigation proposed is of diminished value
> for DNS servers that are used primarily or exclusively for resolving
> web server addresses, and the calculus of whether the overhead of
> implementing DNSSEC in such servers is worth the value it provides may
> vary radically from that which applies to general-purpose name resolvers.
> Given the fairly absolute language in the current mitigation section
> (only three mitigations use something as strong as "must"), it is
> probably worthwhile adding some text that acknowledges that the value
> of this mitigation varies depending on the applications that use the
> DNS service.
>
> ---------------------------------------------------------------------------
>
> §6.1.1:
>
> >  4.  Associated entities.  Declare any partners, third-party
> >      affiliations, or sources of funding.
>
> Having looked at a number of such disclosures recently, I've noticed
> that it has become fashionable to make such disclosures in the form
> of "<Corporation> may share information about our customers among
> the <corporation> family of companies," while eliding information
> that, for example, one such company is a user-tracking-based
> advertising network.
>
> So, if we're making suggestions for ideal policies, I might suggest
> something a bit more explicit, like:
>
>    4.  Associated entities.  Declare and explicitly enumerate any
>        partners, third-party affiliations, or sources of funding.
>
> ---------------------------------------------------------------------------
>
> §B.2:
>
> >  Since 2006, PowerDNS have included a de-identification tool
> >  Appendix B.2 with their PowerDNS product.
>
> There appears to be a spurious "Appendix B.2" on the second line of
> this paragraph.
>
>
> _______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy
>

v2.23.0 | Report a Bug | By Email