IETF Logo Mail Archive

Re: [dns-privacy] Call for Adoption: draft-hal-adot-operational-considerations

Hugo Maxwell Connery <hmco@env.dtu.dk> Thu, 15 August 2019 18:41 UTC

Return-Path: <hmco@env.dtu.dk>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B3C8A120074 for <dns-privacy@ietfa.amsl.com>; Thu, 15 Aug 2019 11:41:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=env.dtu.dk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ABo09sk-mq0w for <dns-privacy@ietfa.amsl.com>; Thu, 15 Aug 2019 11:41:00 -0700 (PDT)
Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-ve1eur01on061d.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe1f::61d]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DD91E120071 for <dns-privacy@ietf.org>; Thu, 15 Aug 2019 11:40:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KytwGzMIarQx6JUVAmNof6xhkVfqjFcok9cnuC4WcRLnYGgMdX4ldZBpIYqmBEXH1Qky0MnKkjsHxrsKCRtzc4/RdFCFrU3bK9u7KvGf0CGBapW4g7KQO/i/omBc9Shtr78dBifdsl2hMC0IrzTKnNo/z61/WuqUIWW2tUHpucYx1P7jQgJlgjIbtov57aZmnhOTNefE96E9THsO1srKZSqj32sj+IIVT6PjQjyg+lz6TKabFJ2Ecz+rC2v+zBzf5YyEe/kOAWvWkCn0odwiBDpGCBdAyK2jCMAKFbVordo3vaimIAsiWNENa1qJJRLrURmZ6oPChQMpdmv/SV21Xg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2hF8/FXvNvtAwsjbifmSfaUp+FLV7LEdZOd+e3hkEa0=; b=kr8YIsPJDxW/gVW8GpvEdKRMYH++68yJK57eIX8jy0miiauOC8Uhf39iosH7EpXY/3aN9dNJLD6VG6G4aFjRYQtcDwWlFYn3QqHZ8QWsJKsrknupKY47UW7uXEGRLLPBv5aNObZ5X5Y0dw7iNGa3jRao5zgkYqFUGPQ9VCl3JjsBsaRAb0NerhTyHzcLbybm0kNznpTADmLgoYVEfNjVytxqA5eASkT+dljCD2IWtlkw61FLTII1lC8/K9PRXELiLe2ToETyzPdIwOLSOw4ERyx8c35yuy4A6/GNTcCqNL/ZWY7hVs/TMueIBbbES/hJXBy8d+YBaAm3YFoAFWb7fg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 192.38.82.194) smtp.rcpttodomain=google.com smtp.mailfrom=env.dtu.dk; dmarc=pass (p=quarantine sp=quarantine pct=100) action=none header.from=env.dtu.dk; dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=env.dtu.dk; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2hF8/FXvNvtAwsjbifmSfaUp+FLV7LEdZOd+e3hkEa0=; b=j36YJTh9OfuYiH1vvOVyDKX7Bt/Kh8mtnORKgAG13TPp/e4M6sjEfWsPuJt6sKUkh1k5oywVac6vVb4A9/1IlnRTgx1RJs296AF5+DUa41Bme1my86yYNO32FqS2zMQHT9U0hIeN8FEg0yqD4YO3fxobz9fqgPEPnuS8N37k+E4=
Received: from AM6P192CA0080.EURP192.PROD.OUTLOOK.COM (2603:10a6:209:8d::21) by AM5P192MB0226.EURP192.PROD.OUTLOOK.COM (2603:10a6:203:80::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2178.16; Thu, 15 Aug 2019 18:40:56 +0000
Received: from VE1EUR01FT024.eop-EUR01.prod.protection.outlook.com (2a01:111:f400:7e01::202) by AM6P192CA0080.outlook.office365.com (2603:10a6:209:8d::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id 15.20.2178.16 via Frontend Transport; Thu, 15 Aug 2019 18:40:56 +0000
Authentication-Results: spf=pass (sender IP is 192.38.82.194) smtp.mailfrom=env.dtu.dk; google.com; dkim=none (message not signed) header.d=none;google.com; dmarc=pass action=none header.from=env.dtu.dk;
Received-SPF: Pass (protection.outlook.com: domain of env.dtu.dk designates 192.38.82.194 as permitted sender) receiver=protection.outlook.com; client-ip=192.38.82.194; helo=mail.win.dtu.dk;
Received: from mail.win.dtu.dk (192.38.82.194) by VE1EUR01FT024.mail.protection.outlook.com (10.152.2.213) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256) id 15.20.2178.16 via Frontend Transport; Thu, 15 Aug 2019 18:40:56 +0000
Received: from ait-pexsrv02.win.dtu.dk (192.38.82.195) by ait-pexsrv01.win.dtu.dk (192.38.82.194) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Thu, 15 Aug 2019 20:40:55 +0200
Received: from ait-pexsrv02.win.dtu.dk ([192.38.82.195]) by ait-pexsrv02.win.dtu.dk ([192.38.82.195]) with mapi id 15.01.1591.017; Thu, 15 Aug 2019 20:40:55 +0200
From: Hugo Maxwell Connery <hmco@env.dtu.dk>
To: Ben Schwartz <bemasc@google.com>
CC: Brian Haberman <brian@innovationslab.net>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Thread-Topic: [dns-privacy] Call for Adoption: draft-hal-adot-operational-considerations
Thread-Index: AQHVUuCSWJwyhvWir0yigccVH5Li+ab8KdMAgAADHwCAAFlsXQ==
Date: Thu, 15 Aug 2019 18:40:55 +0000
Message-ID: <be3d2a6ebce642cb89855cfd9bb4aa4e@env.dtu.dk>
References: <5352e08c-3280-999c-0c3f-d15a9f02a7b4@innovationslab.net> <2737006b51b48ac6bf89829a9599d42aaf847550.camel@env.dtu.dk>, <CAHbrMsB-J9XYWAMChHc=4bJBDGDevkMOKaO6x-Lg-iw1L3uk4Q@mail.gmail.com>
In-Reply-To: <CAHbrMsB-J9XYWAMChHc=4bJBDGDevkMOKaO6x-Lg-iw1L3uk4Q@mail.gmail.com>
Accept-Language: en-AU, da-DK, en-US
Content-Language: en-AU
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.38.82.8]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:192.38.82.194; IPV:CAL; SCL:-1; CTRY:DK; EFV:NLI; SFV:NSPM; SFS:(10009020)(39860400002)(136003)(346002)(376002)(396003)(2980300002)(189003)(199004)(2906002)(476003)(6116002)(8746002)(76130400001)(126002)(106002)(316002)(336012)(3846002)(66066001)(54906003)(8936002)(6306002)(47776003)(7736002)(70206006)(305945005)(11346002)(23726003)(486006)(14444005)(97756001)(446003)(70586007)(2616005)(956004)(66574012)(229853002)(86362001)(26005)(356004)(36756003)(246002)(53546011)(102836004)(186003)(46406003)(966005)(5660300002)(53386004)(50466002)(786003)(6246003)(478600001)(26826003)(8676002)(53416004)(24736004)(108616005)(6916009)(4326008)(76176011); DIR:OUT; SFP:1101; SCL:1; SRVR:AM5P192MB0226; H:mail.win.dtu.dk; FPR:; SPF:Pass; LANG:en; PTR:ait-pexsrv01.win.dtu.dk; MX:1; A:1;
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 820046a6-f1d1-4663-4f52-08d721b01be1
X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(4709080)(1401327)(2017052603328)(7193020); SRVR:AM5P192MB0226;
X-MS-TrafficTypeDiagnostic: AM5P192MB0226:
X-MS-Exchange-PUrlCount: 3
X-Microsoft-Antispam-PRVS: <AM5P192MB022671E1032ED3737D1F96E7E4AC0@AM5P192MB0226.EURP192.PROD.OUTLOOK.COM>
X-MS-Oob-TLC-OOBClassifiers: OLM:9508;
X-Forefront-PRVS: 01304918F3
X-MS-Exchange-SenderADCheck: 1
X-Microsoft-Antispam-Message-Info: ZrQaRcQqapZmPeZ2v2LfRnOfcxlvkS/phdeUR7sLzvZZgB0DPjZ3Ph2JK1Iy+O+5ZhFH2QDEDFF9Wv/tt9GZNV7sd70I8S7zjEC79Sxsctjc02uGlUq5Ks94pgWcZ1AKo/62uPFe6Raw8t0qyQXY3kcmi4RxHAOcRMbKNlsklixuZI3cq1WqgYHkM6Pnl4kUQXCUKc8TBIUnd9KXgTxmF5ZCJDNlfvrrQqtFoNVS5YuDRVqnDwkRpKfLwzcY94P3hd6JI176ib02IxkZo5w+RzlX3eBoipZxuSFut4fL6iG0+VNn0scw4F8V+a/ek27WPcsYS6I5lnn2HXkhJkdB5zZyGf4rENcXvbzWDccLU5luWQ1xjKcc6uJ55KmxmU4w6h0HqR7rxbMHwKSBMofxdBMUsXwpjmCroJdJKH8XVhw=
X-OriginatorOrg: env.dtu.dk
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 15 Aug 2019 18:40:56.0644 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 820046a6-f1d1-4663-4f52-08d721b01be1
X-MS-Exchange-CrossTenant-Id: f251f123-c9ce-448e-9277-34bb285911d9
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f251f123-c9ce-448e-9277-34bb285911d9; Ip=[192.38.82.194]; Helo=[mail.win.dtu.dk]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM5P192MB0226
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/6eJ6CAgb2G2FZO5jHfU6W5uG4PA>
Subject: Re: [dns-privacy] Call for Adoption: draft-hal-adot-operational-considerations
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Aug 2019 18:41:05 -0000

Hi DPRIVE,

+1 on not adopting deployment guidelines for standards which dont exist.

So, this gives us an "order of approval".  Indeed, it may mean that the AHoT op doc is never an RFC.  Whatever.

(and here I continue to wholly agreeing with you, but waffle on because I think this is important).

The AHoT op doc is an important opportunity for galvanising work on this topic.  DPRIVE is constructed to look at the "attack on the internet" that pervasive "monitoring" is (for DNS).  This is the last major step on providing privacy in the DNS sphere.  Its important, and it needs good, clear thought by informed engineers to create a solution that is robust, serves its purpose, and has a path for upgrade as new challenges emerge.  Despite its alarmist tone (in some sections) AHoT op lays out many good recommendations (TLSv1.3, ...) and calls for the answering of questions which are particularly important to (especially large) DNS operators.

If we want those operators to adopt these burdens (for burdens they are) we need to have a collaborative process by which they can assess the impact (cost, risk, ...) on their businesses.

I'd love to live in a perfect word of utopian engineering purity, but I too run a (very small) network and know the 12 principles, from which I'll quote the first: "It Has To Work".  If people fluffing on about potential impacts on business concerns have some minor influence on engineering design by first starting to talk about operational implications, I say "this happens all the time, and the IETF is well used to it".

Sincerely,  Hugo Connery
________________________________________
From: Ben Schwartz [bemasc@google.com]
Sent: Thursday, 15 August 2019 17:00
To: Hugo Maxwell Connery
Cc: Brian Haberman; dns-privacy@ietf.org
Subject: Re: [dns-privacy] Call for Adoption: draft-hal-adot-operational-considerations

I have concerns about adoption of a draft on "operational considerations" for a specification ("ADoT") that doesn't exist, and therefore cannot be "operated".  I think we should refrain from speculation, and wait until there is a proposed specification before attempting to provide guidance on how best to implement it.

I'm glad the authors are bringing their concerns to the DPRIVE working group for discussion as we consider proposals for "ADoT".  These concerns are well noted and will certainly influence future drafts on the topic.  However, the purpose of working group adoption is not to inform discussion within a working group: it is to enable outgoing communication from a working group to other parties.  To the extent that this draft serves to inform the work of DPRIVE, adoption is not necessary or relevant for the draft to achieve its purpose.

On Thu, Aug 15, 2019 at 8:49 AM Hugo Connery <hmco@env.dtu.dk<mailto:hmco@env.dtu.dk>> wrote:
Hi DPRIVE,


Firstly, I concur with Stephen Farrell's comments.

I support the document and further work on it.  My comments are:

1.1.1

spelling: proection -> protection

  "Initial deployments of ADoT may offer an immediate expansion of the
   attack surface (additional port, transport protocol, and
   computationally expensive crypto operations for an attacker to
   exploit) while, in some cases, providing limited protection to end
   users."

I find this a little "scareware".  An additional port is not a threat.
It what's running behind it.  The "transport protocol" is worked out,
right?  TLS v1.3.  "computationally expensive ...".  Haven't our
chip manufacturing friends provided hardware primitives to correspond
to much of the "expensive" calculations?

Yes, there will be a new service, and thus one must do the security
analysis that you recommend.  And, yes, TLSv1.3 means crypto and
potentially many concurrent connections and that will place additional
load on the AHoT server infrastructure.  But "immediate expansion of
the attack surface ... expensive crypto ... attacker to exploit ..."
seems designed, along with the MUSTs for the studies, to scare CEOs
and delay things.

1.1.2

paragraph 2: I presume you are referring to CDN's.  Why not specify
that?

3.2

 "Static use of a pre-defined port provides on-path adversaries the
  ability to more easily drop or manipulate traffic intended for that
  port, possibly triggering resolvers to downgrade a connection back to
  a traditional DNS query, eliminating the encryption protections."

How, if we're using TLSv1.3 with good crypto is "manipulate traffic"
going to work?  Without breaking the crypto you can't re-write queries
successfully. Yes, you can drop it.  But, this is always true.  (Yes,
its a downgrade attack.)

"This attack is more likely to happen on the stub-to-recursive
connection but is also a possible threat for recursive-to-authoritative
connections."

Why?  Please justify.  Airport and hotel networks?

Regards,  Hugo Connery

PS: I am happy to continue to review.

On Wed, 2019-08-14 at 16:40 -0400, Brian Haberman wrote:
> This starts a Call for Adoption for
> draft-hal-adot-operational-considerations
>
> The draft is available here:
> https://datatracker.ietf.org/doc/draft-hal-adot-operational-considerations/
>
> Please review this draft to see if you think it is suitable for
> adoption
> by DPRIVE, and comment to the list, clearly stating your view.
>
> Please also indicate if you are willing to contribute text, review,
> etc.
>
> This call for adoption ends: 28 August 2019
>
> Thanks,
> Brian & Tim
>
> _______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org<mailto:dns-privacy@ietf.org>
> https://www.ietf.org/mailman/listinfo/dns-privacy
--
Hugo Connery, Head of IT, Dept. Environmental Engineering
Technical University of Denmark, http://www.env.dtu.dk
:(){:|:;};:

_______________________________________________
dns-privacy mailing list
dns-privacy@ietf.org<mailto:dns-privacy@ietf.org>
https://www.ietf.org/mailman/listinfo/dns-privacy

v2.23.0 | Report a Bug | By Email