IETF Logo Mail Archive

Re: [dns-privacy] Authentication in draft-ietf-dprive-opportunistic-adotq

Paul Wouters <paul@nohats.ca> Tue, 16 February 2021 16:19 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5D01B3A0A69 for <dns-privacy@ietfa.amsl.com>; Tue, 16 Feb 2021 08:19:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nohats.ca
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YJiUOGnjv44O for <dns-privacy@ietfa.amsl.com>; Tue, 16 Feb 2021 08:19:00 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DAB2B3A0A63 for <dprive@ietf.org>; Tue, 16 Feb 2021 08:18:58 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 4Dg5km35mfzDDq; Tue, 16 Feb 2021 17:18:56 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nohats.ca; s=default; t=1613492336; bh=sfWHnWX8P9AUjikrLYQ1PJ4g03B1xGcVieAhPfH2IgM=; h=From:Subject:Date:References:Cc:In-Reply-To:To; b=a0QD5CF/dpm5AFtxFHlqjPTxW4oiMxm58ZgBxysPdvvlBfL88/YyLpqoJ2JS6S8kt AXokxOXBf1t/mI4YsYXVcY10l72YZR6XEj/emHa6k65ObedjCc22U3HaKbPzy7O+uT eOFK+d3kl7MLU+s7/JetEIAhP2DenyKrXsb0GRDQ=
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id eGF15uHRddWo; Tue, 16 Feb 2021 17:18:54 +0100 (CET)
Received: from bofh.nohats.ca (bofh.nohats.ca [193.110.157.194]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Tue, 16 Feb 2021 17:18:53 +0100 (CET)
Received: from [193.110.157.220] (unknown [193.110.157.220]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by bofh.nohats.ca (Postfix) with ESMTPSA id 9EA256029AF9; Tue, 16 Feb 2021 11:18:52 -0500 (EST)
Content-Type: multipart/alternative; boundary="Apple-Mail-60C80A9E-C16A-4745-AA45-2A584AC2CD8C"
Content-Transfer-Encoding: 7bit
From: Paul Wouters <paul@nohats.ca>
Mime-Version: 1.0 (1.0)
Date: Tue, 16 Feb 2021 11:18:51 -0500
Message-Id: <81E638D5-378C-45A3-89D3-3FA0843A2CA2@nohats.ca>
References: <CAHbrMsCOrS7Kz9WSKXRwwFiueaGZD1EGyuy98zi=9Qo5x3vTBw@mail.gmail.com>
Cc: Paul Hoffman <paul.hoffman@icann.org>, dprive@ietf.org
In-Reply-To: <CAHbrMsCOrS7Kz9WSKXRwwFiueaGZD1EGyuy98zi=9Qo5x3vTBw@mail.gmail.com>
To: Ben Schwartz <bemasc=40google.com@dmarc.ietf.org>
X-Mailer: iPhone Mail (18D52)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/7ZPmXPJJYWxltoY29xVP9VcJWp4>
Subject: Re: [dns-privacy] Authentication in draft-ietf-dprive-opportunistic-adotq
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Feb 2021 16:19:02 -0000

On Feb 16, 2021, at 10:23, Ben Schwartz <bemasc=40google.com@dmarc.ietf.org> wrote:
> 
> 
> I don't see why there would be a conflict between draft-ietf-dprive-opportunistic-adotq and any future authenticated encryption RFC that we produce, so I don't see the need to impose a drastic dividing line (e.g. different port numbers).

I explained that in my previous message. Opportunistic normally is “do encryption, then you may omit authentication if that is too hard”. Opportunistic is not “try this technology and maybe in the future try this completely other technology”.  

> Here's a counter-proposal:
> 1. Mark draft-ietf-dprive-opportunistic-adotq "experimental".  This is in line with previous work on opportunistic encryption, e.g. RFC 8164, and accurately reflects the draft's status as both speculative and (hopefully) transitional.
> 2. Replace Section 5 with the following language:
> 
> There is currently no defined mechanism for authenticated ADoT, so resolvers MUST NOT authenticate the server except by private agreement with the server operator.

That makes using a LetsEncrypt certificate violate the RFC’s MUST NOT. I strongly object to this as now you are actively weakening security.


>   Server operators SHOULD use self-signed certificates to avoid implying an authentication mechanism that might conflict with a future ADoT authentication standard.

Same here.

> As I've said before, I _do_ think this draft is valuable and presents a worthwhile public experiment that will pave the way for authenticated ADoT.  For DNS services that are used to DNS over UDP, running DNS over TLS is a big, scary project.  This draft can provide a way to get some practice with that in a low-risk setting, where TLS-related failures are not significantly user-visible.

The “big scary” part of using TLS is in the transport that is common for authenticated and unauthenticated TLS. And as I’ve said before, at this point in time generating a selfsigned cert is harder than getting a validated ACME certificate.


>   Once operators are comfortable with DNS over TLS, I think it will be a lot easier to start rolling out some real authentication.

I strongly disagree, please reread my previous message that describes how these solutions are identical except for how or if the authenticate the incoming certificate payload.

Paul


> 
> On Mon, Feb 15, 2021 at 5:25 PM Paul Hoffman <paul.hoffman@icann.org> wrote:
>> Greetings again. One of the issues that seems to most bother people who don't like the idea of opportunistic ADoT(Q) is the handwaviness of "but authenticate if you can". That comes from RFC 7435, which is the informational RFC that defines opportunistic security (OS). To quote from section 1.2 of that document:
>>    To achieve widespread adoption, OS must support incremental
>>    deployment.  Incremental deployment implies that security
>>    capabilities will vary from peer to peer, perhaps for a very long
>>    time.  OS protocols will attempt to establish encrypted communication
>>    whenever both parties are capable of such, and authenticated
>>    communication if that is also possible.  Thus, use of an OS protocol
>>    may yield communication that is authenticated and encrypted,
>>    unauthenticated but encrypted, or cleartext.  This last outcome will
>>    occur if not all parties to a communication support encryption (or if
>>    an active attack makes it appear that this is the case).
>> 
>> So far, the proposals for opportunistic ADoT(Q) in this WG have followed that by talking about authentication, but so far no one has given a reason to require authenticated transport given the presence of DNSSEC in the DNS protocol. There have been comments on the list (but without any supporting Internet Drafts) that some resolvers might want to only serve answers that they got in a fully authenticated fashion, and those same people objected to the consideration of opportunistic ADoT(Q) because it would make the possible later definition of a fully-authenticated protocol more difficult.
>> 
>> I propose a way forward: make the two protocols obviously different so that they don't affect each other. For those who want opportunistic ADoT(Q), change the current design so that deploying it would not make creating and deploying a fully-authenticated protocol more difficult; for those who want a fully-authenticated protocol, design it so that it does not make designing and deploying opportunistic ADoT(Q) more difficult.
>> 
>> Does this sound like a good approach going forward. It gives those supporting fully-authenticated protocol as much time as they need to come up with a working protocol design, without stopping progress on the proposal that has already gotten a fair amount of support in the WG.
>> 
>> --Paul Hoffman_______________________________________________
>> dns-privacy mailing list
>> dns-privacy@ietf.org
>> https://www.ietf.org/mailman/listinfo/dns-privacy
> _______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy

v2.23.0 | Report a Bug | By Email