IETF Logo Mail Archive

Re: [dns-privacy] Complete changes to the (no longer just) opportunistic ADoT draft

Ben Schwartz <bemasc@google.com> Tue, 23 February 2021 19:31 UTC

Return-Path: <bemasc@google.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 573D13A109F for <dns-privacy@ietfa.amsl.com>; Tue, 23 Feb 2021 11:31:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.599
X-Spam-Level:
X-Spam-Status: No, score=-17.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rZ21VHCh6WFr for <dns-privacy@ietfa.amsl.com>; Tue, 23 Feb 2021 11:31:12 -0800 (PST)
Received: from mail-il1-x12a.google.com (mail-il1-x12a.google.com [IPv6:2607:f8b0:4864:20::12a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ED8533A109C for <dprive@ietf.org>; Tue, 23 Feb 2021 11:31:11 -0800 (PST)
Received: by mail-il1-x12a.google.com with SMTP id f7so2020330ilk.12 for <dprive@ietf.org>; Tue, 23 Feb 2021 11:31:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ufT3+Y8lPuoQuEsDSjZtmTw0pAKxajfosPE8x/vxrFI=; b=uoaN6su/SP5OA9ScP1cUnjYMO4QarsuDR/Wkz0jM1tYOICoClOcikzFksuP6Drn8S4 AnUBmG6+BPTgxVIpnKGj7701sR9Ri/ucSlXSuADFKR1gw9my7U1ClbB1Ep1sutZ+BHsi fp8l1KMyZZp3Mcv4HWJsgNcqbNMUF/SswQPZTpg1Ini9MryCq0u6vbF1G0P9cXIm09Lo awgRezexGQrCDYdDBcuaSyRCch4luokPFLYIRuLNaKpja7RwrNohQmlbeoQwg5kLBV87 xUM6oG/xsaI397mHt/zSKz2BKTWqww84TbJIZLnD8oN1eCe2vTuSPjNAacBBsvjaiQEV bniA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ufT3+Y8lPuoQuEsDSjZtmTw0pAKxajfosPE8x/vxrFI=; b=ueOTMFZ41Y51bS1dQ3zRFns7JiePTs7LbcUlGHgGHmlFNjbNfkMYFFxUE1asj5kpJT CHmVbNTCmuH/76BR7O4sMLAiHnbvyK6kZS+GsKAGNmqXh9kHp+ibOM2R3E1gVhCu8aai ePI/Xc/Wg1PqDr2XA3es4A3Wj8eydEuydhuEjuksY6utIeh31CeSMo5ZzPmfDHhxyQ5K i8KN84A36gZ++BQXIJZLnf8EOJbar8qEf7PWKgvoGYt0jWFJfINknM3vi/Rfm4dbE7Hf ikoI2UuvZgM6Rq3oM2T8WFoFjK+wzS1fuk1kgrPZxxXAQ7fMbSwStulhVCPBtRYWQN2i 8Ghw==
X-Gm-Message-State: AOAM530PVhtFdm5tC27AtwQcgsEK+XTeh2rP8ZZ+AkWsFm/66IjK+M/9 Yf7wuSSPsX+9m/0ZoQG88ap7bqCuhkn1Jvc0Jxvy4FI9fjkcfQ==
X-Google-Smtp-Source: ABdhPJz0haohSxjwC22pm3sDVbB1FKRk0FXHRkZBMA5mtTwS0sGdyjRfjNYsU0w9NbCEa4Ocur3fMBhvlhklK4h23fY=
X-Received: by 2002:a92:da90:: with SMTP id u16mr430807iln.275.1614108671027; Tue, 23 Feb 2021 11:31:11 -0800 (PST)
MIME-Version: 1.0
References: <5478A187-BF50-4ACB-8A6C-BDE56233F4A7@icann.org>
In-Reply-To: <5478A187-BF50-4ACB-8A6C-BDE56233F4A7@icann.org>
From: Ben Schwartz <bemasc@google.com>
Date: Tue, 23 Feb 2021 14:30:59 -0500
Message-ID: <CAHbrMsBiMUopBGoCzeMLj_wari8HLmH+DsFaj7f9vhOQgeEMtw@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: "dprive@ietf.org" <dprive@ietf.org>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="000000000000fd27d405bc05f540"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/H-7egcYAUxxE_3x0JZvRzkvtW-k>
Subject: Re: [dns-privacy] Complete changes to the (no longer just) opportunistic ADoT draft
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Feb 2021 19:31:14 -0000

I really want fully authenticated ADoT but I have significant concerns with
this draft.

As Paul notes, this draft is so different from the previous draft that it
covers effectively a new problem space.  This is surprising for an adopted
document.

The draft states the authenticated use case as follows:
> The use case in this document for fully-authenticated encryption is
> recursive resolver operators who want to prevent on-path attackers
> from impersonating authoritative servers for zones for which the
> resolver is sending queries.

Unfortunately, the draft does not achieve this goal:
1. Because it only checks for TLSA records asynchronously, the first
queries to an uncached nameserver will always be in cleartext.
2. Within the current text, an attacker could simply drop any TLSA
responses, ensuring that they never reach the cache.  The resolver will
then send cleartext indefinitely.
3. An attacker could replace the parent's NS glue record with their own
name, so that the TLSA query goes to _853._tcp.attacker.example.

Additionally, I think this draft raises serious operational concerns, by
enabling "doomed" configurations.  Suppose "ns.customer.example" is an
alias for "ns.cloud.example".  If "ns.cloud.example" starts supporting
ADoT, the customer can place a TLSA record at
"_853._tcp.ns.customer.example".  This will provide the customer with
working authenticated ADoT ... until ns.cloud.example changes its
configuration (e.g. a key rotation months later), at which point the
customer's zone will become instantly inaccessible to authenticating
resolvers.

I think we can, and should, solve all of these problems, but doing so in a
way that is widely applicable, easily deployed, and latency-efficient in
the common cases is a very tricky project that has inspired half a dozen
highly creative drafts so far.

In my view, this proposal is too early, incomplete, and carries significant
risk.  It's possible that we will ultimately produce a solution that is
compatible with this approach, but that seems far from certain to me.

On Mon, Feb 22, 2021 at 4:28 PM Paul Hoffman <paul.hoffman@icann.org> wrote:

> Greetings again. You probably just saw the announcement of
> draft-ietf-dprive-opportunistic-adotq-01. After the discussion on the list
> about us having to make the opportunistic draft track the (unpublished)
> fully-authenticated draft, Peter and I decided it would be easier for the
> WG to keep both ideas in their heads by making a single draft that covers
> both opportunistic and fully-authenticated ADoT.
>
> Thus, the new draft his titled "Recursive to Authoritative DNS with
> Encryption" because it covers both use cases and the process for both types
> of resolvers. (Clearly, we should change the draft's filename after the
> draft submission window opens again in two weeks.) We tried hard to make
> the protocol description as short as possible by not repeating steps that
> are the same for all resolvers, but also to clearly differentiate when
> something is different.
>
> The changes are so massive that the diff is useless; you have to read this
> as a new document.
>
> This is just a first attempt at a combined-use-case document. There are
> certainly holes, and probably places where people will want to change the
> protocol for their preferred use case. (Of course, if people hate the idea
> of a single document, we can do another version of this that just covers
> the opportunistic use case, and proponents of the fully-authenticated use
> case can use it as a template for their work.)
>
> One obvious set of changes we will ask the WG about is adding DoQ
> throughout. In our structuring of the new document, we don't think that
> will be too disruptive.
>
> Please review and comment. Please remember that this is a very early
> version and is not meant to be complete now, but we will certainly want it
> to be so over the course of many months.
>
> --Paul Hoffman_______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy
>

v2.23.0 | Report a Bug | By Email