Re: [dns-privacy] Adam Roach's No Objection on draft-ietf-dprive-bcp-op-08: (with COMMENT)
Adam Roach <adam@nostrum.com> Thu, 06 February 2020 20:58 UTC
Return-Path: <adam@nostrum.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55164120832 for <dns-privacy@ietfa.amsl.com>; Thu, 6 Feb 2020 12:58:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.403
X-Spam-Level:
X-Spam-Status: No, score=-1.403 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.275, T_SPF_HELO_PERMERROR=0.01, T_SPF_PERMERROR=0.01, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=fail (1024-bit key) reason="fail (message has been altered)" header.d=nostrum.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0jRi_QFM98I0 for <dns-privacy@ietfa.amsl.com>; Thu, 6 Feb 2020 12:58:03 -0800 (PST)
Received: from nostrum.com (raven-v6.nostrum.com [IPv6:2001:470:d:1130::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 12CF112081C for <dns-privacy@ietf.org>; Thu, 6 Feb 2020 12:58:02 -0800 (PST)
Received: from Zephyrus.local (99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228]) (authenticated bits=0) by nostrum.com (8.15.2/8.15.2) with ESMTPSA id 016KvwG4060786 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO); Thu, 6 Feb 2020 14:58:00 -0600 (CST) (envelope-from adam@nostrum.com)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=nostrum.com; s=default; t=1581022681; bh=CUQ9XrBr6qOWArc30eFUrvw+SZX2OMKUDuiQiOv9ndI=; h=Subject:To:Cc:References:From:Date:In-Reply-To; b=OOeuxOvVZw6+oWb+iij51H295Nd3DwroJktmFgdGd+s5PM8tNmcfTBdyPRKS7krte czAoI8hKQsmNR5qiLZaL05SKSSYExIRRCEFsqBdiLrYLSlYOc17dael+pmdSFSuY9F WAP7W4ZNbxqkBEjSrPyM/2EHJDuYVQakuxwvXQNw=
X-Authentication-Warning: raven.nostrum.com: Host 99-152-146-228.lightspeed.dllstx.sbcglobal.net [99.152.146.228] claimed to be Zephyrus.local
To: Brian Dickson <brian.peter.dickson@gmail.com>, Eric Rescorla <ekr@rtfm.com>
Cc: Tim Wicinski <tjw.ietf@gmail.com>, draft-ietf-dprive-bcp-op@ietf.org, dprive-chairs@ietf.org, DNS Privacy Working Group <dns-privacy@ietf.org>, The IESG <iesg@ietf.org>
References: <158096547226.30514.2103023305468871108.idtracker@ietfa.amsl.com> <CAH1iCiqLwP8UOJe_vWQAr7iu8j7LF2Y4+386XNimM+3wJ-2RzQ@mail.gmail.com> <9fe99917-347b-ab79-7a9c-3e8da67a5246@nostrum.com> <364cf548-9114-fcb3-52b6-a73be08b55c4@nostrum.com> <CAH1iCirzvzQUAcbctzC4Bete_mDicT7MYJL5vnaSFZnVNAUbPg@mail.gmail.com> <9104d41b-2c78-0216-3262-4ed50f389ea7@nostrum.com> <CABcZeBMF2CT--gdKNuVWw+e8CvLYjL3yX0YtMj54CQBvdZ0o0A@mail.gmail.com> <CAH1iCirLPsLX-OebLxKTfR4FDXaejcNy+TONw5FuLP2_r6GBOw@mail.gmail.com> <CABcZeBPkLaFB5fv6WigJmY9QhOJnJf3YwrmooN0BRbm8fKxLog@mail.gmail.com> <CAH1iCiq555QF=we5moHBStmCRsJ_kZ=hzYacJ=GYSKvcqEBcvA@mail.gmail.com>
From: Adam Roach <adam@nostrum.com>
Message-ID: <fd597abc-2994-aa97-0b7d-f34b51cd4be6@nostrum.com>
Date: Thu, 06 Feb 2020 14:57:53 -0600
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:60.0) Gecko/20100101 Thunderbird/60.9.1
MIME-Version: 1.0
In-Reply-To: <CAH1iCiq555QF=we5moHBStmCRsJ_kZ=hzYacJ=GYSKvcqEBcvA@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------A9EF4AA0F849961690D0B0C0"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/KoaDUCkMPHRBuYdKsjA2MF2fTSI>
Subject: Re: [dns-privacy] Adam Roach's No Objection on draft-ietf-dprive-bcp-op-08: (with COMMENT)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Feb 2020 20:58:05 -0000
This is really getting off into the weeds. Brian -- a lot of your assertions seem to be predicated on some underlying assumption that WebPKI is worthless or nearly worthless. Can you clarify whether that's your stance? /a On 2/6/20 14:44, Brian Dickson wrote: > > > On Thu, Feb 6, 2020 at 12:08 PM Eric Rescorla <ekr@rtfm.com > <mailto:ekr@rtfm.com>> wrote: > > > > On Thu, Feb 6, 2020 at 12:04 PM Brian Dickson > <brian.peter.dickson@gmail.com > <mailto:brian.peter.dickson@gmail.com>> wrote: > > Top-top-top reply: > The Internet Threat Model you are using for web client-server > is fine. > However, for DNS, that is the wrong threat model, for several > reasons. > > * The threat for DNS cache poisoning is > recursive-to-authoritative, not client-recursive(resolver) > * The DNS path will not generally be related to the data > path, and for any parent zone, almost certainly will be > totally unrelated > * DNS recursive-to-authoritative is UDP > * UDP DNS does not require that the attacker be on-path > * Compromise of DNS caches via poisoning (by potentially > off-path attackers) leading to compromise of user data is > not exaggerated. > * The compromise risk is per-cache, as well as > per-authority-server and/or per-DNS record. > > > First, all of these are just consequences of the 3552 "attacker > completely controls the network" threat model. > > > Sorry, I'm not clear on what this statement means in this context, or > what the implication of this should be inferred as being. > > Are you saying: > > * It should be assumed (per the threat model) that any/every > attacker completely controls every network segment everywhere? > * or, that only attackers who DO control some specific network > segment are a threat? > > These have vastly different implications, clearly. > If the first one is the case, are you conceding the precondition, that > attackers can poison DNS caches arbitrarily, by manipulating all DNS > traffic? If so, that argues in favor of DNSSEC validation by the > resolver in all cases, as that is the only way the attack can be blocked. > > If the second one is the case, the bullet points you quote, contradict > that assertion. Specifically, that off-path attackers do not need to > control any network segment (let alone all network segments), to > successfully poison a DNS cache. This also argues in favor of DNSSEC > validation. > > If you mean something else, could you explain what you mean? > > > Second, the text in question is about the effect of attacks on DNS > on the Web "Users may be directed to bogus IP addresses for e.g. > websites where they might reveal personal information to attackers." > > > Correct, and I don't see anything you say here refuting the concern > over DNS cache poisoning attacks, which result in bogus IP addresses > directing users to malicious servers, etc. > > If users are sent to the wrong IP address, this substantially weakens > the argument that WebPKI is sufficient protection. > > Why are CLR and/or OCSP needed, if not to respond to compromised > certificates (meaning leaked private keys)? > > Am I missing something about WebPKI, beyond the private key proof of > possession model? > (Everything else about WebPKI is about validating the requestor's > authority and identity, but that is all orthogonal to key control.) > > A web server using a compromised key is only ever going to be visible > to a (potential) victim, and never to third parties including the > legitimate certificate holder, except incidentally to operation of the > rogue server. > > Brian > > -Ekr > > > I haven't written up the details of the more effective cache > poisoning attacks, but have been sharing summary information > for several years now. > (The underlying issue is IP fragmentation of UDP packets. This > is one of the contributing factors that the DNS Flag Day for > 2020 will include recommendations/requirements to not fragment.) > > I'd be willing to write up those more effective attacks, > including a PoC, but that won't likely happen for a few months. > > Brian > > On Thu, Feb 6, 2020 at 11:22 AM Eric Rescorla <ekr@rtfm.com > <mailto:ekr@rtfm.com>> wrote: > > Thanks. I am just looking at this text, and I think it's > inappropriate. To recap something I seem to be saying a > lot lately, the Internet Threat Model assumes a > Dolev-Yao-style attacker who controls the network between > the client and the server. TLS is designed to be secure in > this environment, and while the WebPKi is imperfect, > suggesting that compromise of local DNS lookups leads to > compromise of user data seems exaggerated, at least in the > case of Web traffic. > > -Ekr > > > On Thu, Feb 6, 2020 at 10:22 AM Adam Roach > <adam@nostrum.com <mailto:adam@nostrum.com>> wrote: > > Top-posting because I agree with the facts as you > present them. I just reach a different conclusion > based on these facts. To be clear, I think a > belt-and-suspenders approach is generally preferable. > I am merely suggesting that the "must" statement I > cite may be stronger than is actually advisable given > that such an approach is merely a small increment of > security for protocols that are otherwise secured > (e.g., HTTP, which is the example the document > chooses), rather than the sole defense, as may be the > case with other protocols. > > My top-line suggestion here is to choose a different > example than HTTP. > > Secondary to that is a suggestion that the "must" > statement really only makes sense when it is a sole > counter-measure, and that a softer recommendation > ("should") makes more sense otherwise. > > These are non-blocking comments, so I'm going to > reiterate that the WG can ignore them -- I just wanted > to make sure they were considered. It would be nice to > hear from other folks on the topic as well. > > /a > > On 2/6/20 11:57, Brian Dickson wrote: >> >> >> On Thu, Feb 6, 2020 at 9:31 AM Adam Roach >> <adam@nostrum.com <mailto:adam@nostrum.com>> wrote: >> >> On 2/6/20 09:08, Adam Roach wrote: >> > >> > For the specific example chosen, it's been made >> pretty clear over the >> > years that at least the clients for the >> specific service you cite have >> > no interest in incurring this additional cost. >> If that's the working >> > group consensus, then I have no interest in >> over-riding it. But >> > ignoring operational realities seems kind of >> ivory tower-ish, which >> > feels like the kind of thing that undermines >> the general credibility >> > of the rest of the document. >> > >> >> >> Could you please be more specific? >> >> When you say "for the specific service", do you mean >> DNSSEC? >> >> And do you mean the signing of DNS zones using >> DNSSEC, when you refer to clients of that service? >> >> Perhaps you missed my microphone comments at the last >> IETF? >> >> Specifically that GoDaddy will be turning on DNSSEC >> for the vast majority of its DNS hosting customers? >> >> This represents about 40% of the DNS zones on the >> Internet. >> (The exact time frame is not set in stone, but we >> expect this to be done in the first half of 2020.) >> >> Given that this significantly alters the calculus, I >> don't think that is a good enough reason to object in >> and of itself anymore. >> >> The other aspect of this is the asymmetry involved in >> the defenses against impersonation: >> >> * The choice to sign a DNS zone is under control of >> the zone owner >> * The choice to deploy RPKI on routes (to protect >> against BGP hijacking) is under control of the IP >> prefix holder >> * Both methods rely on third parties to cooperate >> to achieve the protections offered >> * RPKI routing filters are now widely deployed, and >> RPKI registrations are substantial >> * The remaining issue is DNSSEC validation; many >> (most?) of the public recursive operators do this >> already >> >> The logic should be, defend against all feasible >> attacks, rather than justifying the non-defense in >> one area (DNSSEC for DNS) based on the assertion that >> another area is not being defended (RPKI for BGP). >> >> Brian >> >> >> I realize that my editing made one of the pronoun >> antecedents here go >> away. The second sentence should have said >> something more like "If >> keeping the current text is the working group >> consensus..." >> >> /a >> > > _______________________________________________ > dns-privacy mailing list > dns-privacy@ietf.org <mailto:dns-privacy@ietf.org> > https://www.ietf.org/mailman/listinfo/dns-privacy >
- [dns-privacy] Adam Roach's No Objection on draft-… Adam Roach via Datatracker
- Re: [dns-privacy] Adam Roach's No Objection on dr… Rob Sayre
- Re: [dns-privacy] Adam Roach's No Objection on dr… Brian Dickson
- Re: [dns-privacy] Adam Roach's No Objection on dr… Adam Roach
- Re: [dns-privacy] Adam Roach's No Objection on dr… Adam Roach
- Re: [dns-privacy] Adam Roach's No Objection on dr… Brian Dickson
- Re: [dns-privacy] Adam Roach's No Objection on dr… Adam Roach
- Re: [dns-privacy] Adam Roach's No Objection on dr… Eric Rescorla
- Re: [dns-privacy] Adam Roach's No Objection on dr… Brian Dickson
- Re: [dns-privacy] Adam Roach's No Objection on dr… Eric Rescorla
- Re: [dns-privacy] Adam Roach's No Objection on dr… Rob Sayre
- Re: [dns-privacy] Adam Roach's No Objection on dr… Brian Dickson
- Re: [dns-privacy] Adam Roach's No Objection on dr… Eric Rescorla
- Re: [dns-privacy] Adam Roach's No Objection on dr… Adam Roach
- Re: [dns-privacy] Adam Roach's No Objection on dr… Brian Dickson
- Re: [dns-privacy] Adam Roach's No Objection on dr… Benjamin Kaduk
- Re: [dns-privacy] Adam Roach's No Objection on dr… Rob Sayre
- Re: [dns-privacy] Adam Roach's No Objection on dr… Eric Rescorla
- Re: [dns-privacy] Adam Roach's No Objection on dr… Rob Sayre
- Re: [dns-privacy] Adam Roach's No Objection on dr… Brian Dickson
- Re: [dns-privacy] Adam Roach's No Objection on dr… Konda, Tirumaleswar Reddy
- Re: [dns-privacy] Adam Roach's No Objection on dr… Eric Rescorla
- Re: [dns-privacy] Adam Roach's No Objection on dr… Brian Dickson
- Re: [dns-privacy] Adam Roach's No Objection on dr… Rob Sayre
- Re: [dns-privacy] Adam Roach's No Objection on dr… Sara Dickinson