IETF Logo Mail Archive

Re: [dns-privacy] [Step 2] More discussion needed: state your opinion

Shane Kerr <shane@time-travellers.org> Tue, 13 December 2016 14:47 UTC

Return-Path: <shane@time-travellers.org>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D9CE8129B13 for <dns-privacy@ietfa.amsl.com>; Tue, 13 Dec 2016 06:47:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QGqc28s7GbkU for <dns-privacy@ietfa.amsl.com>; Tue, 13 Dec 2016 06:47:02 -0800 (PST)
Received: from time-travellers.nl.eu.org (c.time-travellers.nl.eu.org [IPv6:2a02:2770::21a:4aff:fea3:eeaa]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 85563129AFC for <dns-privacy@ietf.org>; Tue, 13 Dec 2016 06:46:32 -0800 (PST)
Received: from [2001:470:78c8:2:8451:b161:196c:6f38] (helo=pallas.home.time-travellers.org) by time-travellers.nl.eu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.80) (envelope-from <shane@time-travellers.org>) id 1cGoMR-00044n-8Q; Tue, 13 Dec 2016 14:47:19 +0000
Date: Tue, 13 Dec 2016 15:46:25 +0100
From: Shane Kerr <shane@time-travellers.org>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Message-ID: <20161213154625.6b314fe6@pallas.home.time-travellers.org>
In-Reply-To: <20161213105936.opaqw6hwwkx3txk2@nic.fr>
References: <20161213105936.opaqw6hwwkx3txk2@nic.fr>
X-Mailer: Claws Mail 3.14.1 (GTK+ 2.24.31; x86_64-pc-linux-gnu)
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="pgp-sha256"; boundary="Sig_/Fs0RhS111QpDZBH3.Zy=eDx"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Fz4-ghpNKv3_z7j5_z8kWtge9fQ>
Cc: dns-privacy@ietf.org
Subject: Re: [dns-privacy] [Step 2] More discussion needed: state your opinion
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2016 14:47:04 -0000

Stephane,

At 2016-12-13 11:59:36 +0100
Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:

> In the minutes of the Seoul meeting, we see:
> 
> Strong hum for sticking around to work on this.
> Terry (as AD): more mailing list discussion, please
> 
> So, this email is to request this
> discussion. draft-bortzmeyer-dprive-step-2-04 is published, with all
> the remarks from the Seoul meeting integrated. Now, it is time to give
> an advice on things like:
> 
> 1) Use TLS for the resolver-to-auth link, or not?

I think that TLS may be more painful in the resolver-to-auth case, as
TCP Fast Open will be generally less useful, right?

But what are the other alternatives?

DTLS is mentioned in the draft. Do we have any benchmarks or
simulations as to the expected relative benefits of DTLS vs. TLS for
DNS?

IIRC the idea of using IPsec was also discussed somewhere. IIRC, IPsec
may have problems traversing NAT. It is also usually implemented by the
kernel, which may cause deployment issues. I *want* IPsec to be an
option here, but realistically I don't think it is.

The other alternative is to invent some novel crypto (fun but
ill-advised) or steal some equivalent (like the crypto part of
DNScurve, also mentioned in the draft). After TSIG, DNSSEC, DNS
cookies, and the rest, it would be weird if DNS used something
standard, but maybe we can try it for once? ;)

> 2) Which authentication(s) to use?

I really like the CGA approach, but realistically I don't think that
would be accepted. If we think that it would be, then I'm all for it.

----

Otherwise I think we should lean towards putting authentication tokens
in the DNS itself.

AIUI the draft, if we want to use DNS the problem is that we want to
know how to encrypt a session to a name server, but we can't look up
anything about the name server in the DNS because we don't yet know how
to encrypt a session to the name server.

Is it possible to tie the authentication to the domain instead of the
name server?

We could say sessions looking up EXAMPLE.COM use certificate 1234,
regardless of which name server they are talking to.

If we could do this, then we could even publish certificate 1234 in a DS
record, and then it would be returned by the parent. (We can use a new
type for this, which is more elegant but requires server modification
and protocol changes.)

There are several advantages of this:

* no bootstrapping issues

* no modification to existing software needed for parents

* an observer/attacker cannot know that a resolver is going to use an
  encrypted session unless they observe the actual session between the
  resolver and authoritative server (which is unavoidable)

Also some disadvantages:

* a single authoritative server may have to configure thousands of
  certificates (although of course this is less of a problem for
  hosters that are the masters of the zones, as they can share
  certificates between zones)

* keys must be shared across administrative boundaries (that is, if I
  use Dyn and FreeDNS for hosting, then both hosters can impersonate
  the other or decrypt traffic to the other)

* resolvers can't just store certificates with the name server
  information

* could be interpreted as another layer of indirection in the DNS ;)

Cheers,

--
Shane

v2.23.0 | Report a Bug | By Email