IETF Logo Mail Archive

Re: [dns-privacy] Authentication in draft-ietf-dprive-opportunistic-adotq

Ben Schwartz <bemasc@google.com> Tue, 16 February 2021 15:23 UTC

Return-Path: <bemasc@google.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C847B3A0EEA for <dns-privacy@ietfa.amsl.com>; Tue, 16 Feb 2021 07:23:35 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.598
X-Spam-Level:
X-Spam-Status: No, score=-17.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nk090kWoa1wr for <dns-privacy@ietfa.amsl.com>; Tue, 16 Feb 2021 07:23:31 -0800 (PST)
Received: from mail-io1-xd29.google.com (mail-io1-xd29.google.com [IPv6:2607:f8b0:4864:20::d29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB3A23A0EE5 for <dprive@ietf.org>; Tue, 16 Feb 2021 07:23:31 -0800 (PST)
Received: by mail-io1-xd29.google.com with SMTP id u20so10498087iot.9 for <dprive@ietf.org>; Tue, 16 Feb 2021 07:23:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=wG6FfPSs2CAdEyQsfJaHiRkUENOcuBi6LiU0+jJ7jdc=; b=CoKvsn8yZcCS7g1ovsxzBjNE87kApJSigrR9n6j5A/iOgfeKr/EKdYsYpi6lvRwb2C 60uxZDm9F5iol7KhmXPhNZCeEPuCBr+sau15l6SRPsxAGGp05rXQ5YkxIQYIbkHVv6lq YSc/G8gCxFE4Vvy4jH/IUb2v40Wo63a8SmDuQ4HIFfGa9FsNk4ou7ULR3FfCee1dku2M jcCYUK6K3NwaLpCugwuGeNyt69ANlibKWoClC12CGVfAvCAt+Lm+DMplRwDNdwBAVNSa COFSNteVh2eZ9DTyWeGijc1mbkQ/mWUZO6zC+jYJ4NMW2LdNigtwI3//ttF1JmBH6HoQ uy9g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=wG6FfPSs2CAdEyQsfJaHiRkUENOcuBi6LiU0+jJ7jdc=; b=K+nv0/j8/+UPhzd10IFK0DYiNlqjQI5Zne8nl7Wt9qXmiFTAByDXh0dtAFhFueiGjJ 9H3VnrWXLVco3Oi2wSDmoGkmMqI9aPP53Z1bAMX50hdwUd31U4lNW6zxkrUQOZf6CZNA acJJLfleElbz4a7LM4Via6L2u14bU+aStPO2QBMX0TkCJA1EkA7ounf4mjOtvVrRW1Ny Romsgd6axDItsirdS4Eldp2t2Bg89fr7rL3q/UY6L8cmrb/CAvmTKn1RqBQe51NaTzTn mDhhMcIfRFThvpAj/7zWX/oDPx4tmNFaxdKUhEpnG+LcEFPwHb4eR+jLhPixvs187tcq eKVw==
X-Gm-Message-State: AOAM533MnULrd0s/gP5gasBLnnvCMmMJkMUTRajjBr61S0L7QZ/WjdFX u8ZyorpO05Zp6OWu5my5ctdujtZLZhAn//M5k//0EQQxxVg=
X-Google-Smtp-Source: ABdhPJxmr0YZjDxTRM3mXCyXyt5k12rVvuJAjC53r+TOTsm/W9DPSut6++1P4fWBVzmAQHnvMM/QvA45/om3BEPAWIo=
X-Received: by 2002:a5d:8490:: with SMTP id t16mr17167591iom.91.1613489010822; Tue, 16 Feb 2021 07:23:30 -0800 (PST)
MIME-Version: 1.0
References: <230F580F-BA87-4921-B45B-2909ACE385B1@icann.org>
In-Reply-To: <230F580F-BA87-4921-B45B-2909ACE385B1@icann.org>
From: Ben Schwartz <bemasc@google.com>
Date: Tue, 16 Feb 2021 10:23:19 -0500
Message-ID: <CAHbrMsCOrS7Kz9WSKXRwwFiueaGZD1EGyuy98zi=9Qo5x3vTBw@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: "dprive@ietf.org" <dprive@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="0000000000005cfef205bb75af7e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/BiYbNEVZfd-mhYdzuXiNAqR2CvQ>
Subject: Re: [dns-privacy] Authentication in draft-ietf-dprive-opportunistic-adotq
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Feb 2021 15:23:36 -0000

On Mon, Feb 15, 2021 at 5:25 PM Paul Hoffman <paul.hoffman@icann.org> wrote:
...

> I propose a way forward: make the two protocols obviously different so
> that they don't affect each other. For those who want opportunistic
> ADoT(Q), change the current design so that deploying it would not make
> creating and deploying a fully-authenticated protocol more difficult; for
> those who want a fully-authenticated protocol, design it so that it does
> not make designing and deploying opportunistic ADoT(Q) more difficult.
>

I don't see why there would be a conflict between
draft-ietf-dprive-opportunistic-adotq and any future authenticated
encryption RFC that we produce, so I don't see the need to impose a drastic
dividing line (e.g. different port numbers).

Here's a counter-proposal:
1. Mark draft-ietf-dprive-opportunistic-adotq "experimental".  This is in
line with previous work on opportunistic encryption, e.g. RFC 8164, and
accurately reflects the draft's status as both speculative and (hopefully)
transitional.
2. Replace Section 5 with the following language:

There is currently no defined mechanism for authenticated ADoT, so
resolvers MUST NOT authenticate the server except by private agreement with
the server operator.  Server operators SHOULD use self-signed certificates
to avoid implying an authentication mechanism that might conflict with a
future ADoT authentication standard.

As I've said before, I _do_ think this draft is valuable and presents a
worthwhile public experiment that will pave the way for authenticated
ADoT.  For DNS services that are used to DNS over UDP, running DNS over TLS
is a big, scary project.  This draft can provide a way to get some practice
with that in a low-risk setting, where TLS-related failures are not
significantly user-visible.  Once operators are comfortable with DNS over
TLS, I think it will be a lot easier to start rolling out some real
authentication.

On Mon, Feb 15, 2021 at 5:25 PM Paul Hoffman <paul.hoffman@icann.org> wrote:

> Greetings again. One of the issues that seems to most bother people who
> don't like the idea of opportunistic ADoT(Q) is the handwaviness of "but
> authenticate if you can". That comes from RFC 7435, which is the
> informational RFC that defines opportunistic security (OS). To quote from
> section 1.2 of that document:
>    To achieve widespread adoption, OS must support incremental
>    deployment.  Incremental deployment implies that security
>    capabilities will vary from peer to peer, perhaps for a very long
>    time.  OS protocols will attempt to establish encrypted communication
>    whenever both parties are capable of such, and authenticated
>    communication if that is also possible.  Thus, use of an OS protocol
>    may yield communication that is authenticated and encrypted,
>    unauthenticated but encrypted, or cleartext.  This last outcome will
>    occur if not all parties to a communication support encryption (or if
>    an active attack makes it appear that this is the case).
>
> So far, the proposals for opportunistic ADoT(Q) in this WG have followed
> that by talking about authentication, but so far no one has given a reason
> to require authenticated transport given the presence of DNSSEC in the DNS
> protocol. There have been comments on the list (but without any supporting
> Internet Drafts) that some resolvers might want to only serve answers that
> they got in a fully authenticated fashion, and those same people objected
> to the consideration of opportunistic ADoT(Q) because it would make the
> possible later definition of a fully-authenticated protocol more difficult.
>
> I propose a way forward: make the two protocols obviously different so
> that they don't affect each other. For those who want opportunistic
> ADoT(Q), change the current design so that deploying it would not make
> creating and deploying a fully-authenticated protocol more difficult; for
> those who want a fully-authenticated protocol, design it so that it does
> not make designing and deploying opportunistic ADoT(Q) more difficult.
>
> Does this sound like a good approach going forward. It gives those
> supporting fully-authenticated protocol as much time as they need to come
> up with a working protocol design, without stopping progress on the
> proposal that has already gotten a fair amount of support in the WG.
>
> --Paul Hoffman_______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy
>

v2.23.0 | Report a Bug | By Email