IETF Logo Mail Archive

Re: [dns-privacy] Stephen Farrell's Discuss on draft-ietf-dprive-dns-over-tls-07: (with DISCUSS and COMMENT)

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 10 March 2016 08:41 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 192FE12D5B9; Thu, 10 Mar 2016 00:41:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.302
X-Spam-Level:
X-Spam-Status: No, score=-4.302 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M-j76laxHjOQ; Thu, 10 Mar 2016 00:41:20 -0800 (PST)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 156E312D5B4; Thu, 10 Mar 2016 00:41:20 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id 643E8BE54; Thu, 10 Mar 2016 08:41:18 +0000 (GMT)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id k7HcEYztTE4r; Thu, 10 Mar 2016 08:41:16 +0000 (GMT)
Received: from [10.87.49.100] (unknown [86.46.23.221]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 0AF9DBE39; Thu, 10 Mar 2016 08:41:16 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1457599276; bh=aO+7sxgSw1OFh0KnDzo83+98E0tf7o8Gy8H2VbD6k9o=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=A3eSZJfyqPKj1Eo2S2ZdGKhAdAB4c/xqG9RTvEJwGeL6B4P/ftAAizK+Pyb+zxNx9 xHm6IFleee85foiOvgzZXivz8n7FhXnFV7TOrLPuGKILa6WLpQO8NvA7FDMR4oIwSM zdeJI8Yl5aTSufbcBO1GJqCOL1lriQyQAveA0c1c=
To: "Wessels, Duane" <dwessels@verisign.com>
References: <20160309141923.27481.29744.idtracker@ietfa.amsl.com> <D04AE8A1-4F47-4EFC-9527-7B3A778E5EBD@verisign.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <56E1332B.7030009@cs.tcd.ie>
Date: Thu, 10 Mar 2016 08:41:15 +0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1
MIME-Version: 1.0
In-Reply-To: <D04AE8A1-4F47-4EFC-9527-7B3A778E5EBD@verisign.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="------------ms010105090001030806090605"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/4ZW86VzBMWUbrGS_ykguyrH7LMc>
Cc: Allison Mankin <allison.mankin@gmail.com>, "draft-ietf-dprive-dns-over-tls@ietf.org" <draft-ietf-dprive-dns-over-tls@ietf.org>, Sara Dickinson <sara@sinodun.com>, The IESG <iesg@ietf.org>, "dprive-chairs@ietf.org" <dprive-chairs@ietf.org>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [dns-privacy] Stephen Farrell's Discuss on draft-ietf-dprive-dns-over-tls-07: (with DISCUSS and COMMENT)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2016 08:41:22 -0000

Hiya,

On 09/03/16 22:24, Wessels, Duane wrote:
> Hi Stephen,
> 
> 
>> On Mar 9, 2016, at 6:19 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>>
>> (1) 4.2: Why didn't you just mandate one way of calculating a
>> fingerprint as being mandatory to implement? (E.g. a sha256 hash of
>> the DER encoded SPKI?)
> 
> I don't think that was intentional.  Happy to add it as a requirement.
> 
>    Implementations of this privacy profile MUST support the calculation
>    and representation of a fingerprint as the SHA-256 [RFC6234] hash of
>    the DER-encoded ASN.1 representation of the Subject Public Key Info
>    (SPKI) of an X.509 certificate.  Additional fingerprint types MAY
>    also be supported.

That's great thanks. You maybe want to mention the base64 encoding
too if you want that to end up exactly as per Appendix A.

> 
> 
> 
>> and why is the "don't pin to a CA" rule in
>> appendix A not a MUST in the body of the document?
> 
> The appendix essentially says "service-specific private CA: good. public CA: bad"
> 
> I don't think we can make it a MUST because (a) how do you enforce that and
> (b) we don't expect the DNS client to differentiate between private/public CAs.

Ok, fair point.

> 
>> Wouldn't it be
>> better to do both of those?
> 
> Sorry, I'm not sure what you mean by "do both of those"?

Never mind - bad phraseology from me;-)

> 
>> (Or to say why you're not doing them,
>> e.g. if current implementations do different things.) Given that
>> recursives publishing PINs will pick something, having that
>> something supported by all clients would seem like a fine thing.
> 
> I agree that it might be better to move the sentence below from the appendix
> to the main body.
> 
>    Operators of a DNS-over-TLS service in this profile are
>    expected to provide pins that are specific to the service being
>    pinned (i.e., public keys belonging directly to the end-entity or to
>    a service-specific private CA) and not to public key(s) of a generic
>    public CA.
> 

Fair enough.

> 
> 
>>
>> (2) Section 5: Is it ok to (almost:-) recommend TLS false start like
>> that?  Don't you need to at least point out that that has additional
>> requirements over and above RFC7525? I've not checked those in
>> detail though, as I'm waiting for the TLS WG to do their publication
>> request for false start. If you've done that checking, then you
>> might be just able to say "yeah, that's not a problem" but I'd like
>> to know since implementers here are likely to read this as saying
>> "Do RFC7525 and you're good."
> 
> I don't know.  I need to defer to TLS experts on this one.
> 
> This may be a case where the risks (of getting it wrong) outweigh the benefits
> (of sometimes lower latency) so maybe it should be removed?

Some people will prefer the latency gain though as we know.

I think in this case all you need to do is highlight that false
start has requirements over and above 7525, e.g. by saying:

"Implementations supporting TLS false start need to be aware
that imposes additional constraints on how one uses TLS,
over and above those stated in BCP195. It is unsafe to use
false start if your implementation and deployment doesn't
adhere to these specific requirements. See [false-start]
for details of those additional constraints."

Cheers,
S.

PS: If the above changes are acceptable then my DISCUSS will
be sorted.



> 
> DW
> 
>

v2.23.0 | Report a Bug | By Email