Re: [dns-privacy] [art] [Ext] Artart last call review of draft-ietf-dprive-unilateral-probing-12

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 13 September 2023 00:26 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CB4DC13AE3C; Tue, 12 Sep 2023 17:26:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.313
X-Spam-Level:
X-Spam-Status: No, score=-1.313 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, RDNS_NONE=0.793, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b="hzjbl6I7"; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b="WvfY5/zk"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nlcyO7B6AcbP; Tue, 12 Sep 2023 17:26:12 -0700 (PDT)
Received: from che.mayfirst.org (unknown [162.247.75.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B1F84C151707; Tue, 12 Sep 2023 17:26:11 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1694564770; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=BSAUefglay3vdhMSfmvEkNGmj7wa2Ahc+zHV6SM2QVM=; b=hzjbl6I749YD/JzoiycOnsUsnIdfA/sWKUwyMlTx20UjhK+tGBwa2V2v4t/G30YAtXTEF 81TtybqSTx+1a1aCQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1694564770; h=from : to : cc : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=BSAUefglay3vdhMSfmvEkNGmj7wa2Ahc+zHV6SM2QVM=; b=WvfY5/zksnvZiwfuSDnwfgPWQWDUnYjRIInWWJY2d3paDs35CkwwnXCxGPzxRVr7v1Z3b /g5+Em78gMJSiZ9V5vt5byXDSRz3+U+mwLVr5RIJAcuJUwSBIv2cgl47cntIJmPdcIBEaVK bjlDP2vS2OeHxKeszKxLKokANyk8xsdSSs9RqnF9FSbof0+jUCVK5Uz9xe51YeYROmINgra TNMYwQTRRRHRidNoPuLct/qZA2Sf+MQtXgzkg8vXCHXEXhGCwRLxBMTei9CnB1TGQHYgD7R mpSSgik16JA5R97sMJzvQk5lOUdmnerPMB+/VL9071FgX4w1XLMZx9FKjFFA==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (secp384r1) server-digest SHA384) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id F004BF9E6; Tue, 12 Sep 2023 20:26:09 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id E8F0E204F1; Tue, 12 Sep 2023 20:26:06 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Rob Sayre <sayrer@gmail.com>, Paul Hoffman <paul.hoffman@icann.org>
Cc: Bron Gondwana <brong@fastmailteam.com>, "art@ietf.org" <art@ietf.org>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>, "draft-ietf-dprive-unilateral-probing.all@ietf.org" <draft-ietf-dprive-unilateral-probing.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
In-Reply-To: <CAChr6Sydrhs9i+WnzA9gBOuvGCE7_5ndNEJEmUTZLKxU6e9YrQ@mail.gmail.com>
References: <169409620800.15857.16759296263081674061@ietfa.amsl.com> <EC3FE6BF-3296-404F-A888-F2D3D0573FE4@icann.org> <932d01e4-1bc1-46b9-bd8b-76241b42461c@app.fastmail.com> <F7A25965-3570-4516-9D1B-74D0EA93DC4F@icann.org> <CAChr6Sydrhs9i+WnzA9gBOuvGCE7_5ndNEJEmUTZLKxU6e9YrQ@mail.gmail.com>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Tue, 12 Sep 2023 20:26:05 -0400
Message-ID: <87a5tqzzoi.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/Lo__Tm_HlsS5KDUO2yax0BYDxTY>
Subject: Re: [dns-privacy] [art] [Ext] Artart last call review of draft-ietf-dprive-unilateral-probing-12
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Sep 2023 00:26:17 -0000

On Thu 2023-09-07 19:38:01 -0700, Rob Sayre wrote:
> On Thu, Sep 7, 2023 at 7:15 PM Paul Hoffman <paul.hoffman@icann.org> wrote:
>
>> On Sep 7, 2023, at 6:58 PM, Bron Gondwana <brong@fastmailteam.com> wrote:
>> >> Are you proposing a shorter value for "damping", or a note saying "1
>> day is just the suggested value, you might choose a shorter one if you
>> want"? Or something else?
>> >
>> > I'm suggesting a backoff algorithm which isn't "single failure gives you
>> N hours of no retry" - particularly, if you have an existing encrypted
>> connection and it has a fault, my reading was that you don't retry at all
>> to form an encrypted connection, even when talking to somewhere that has
>> previously succeeded.  I agree you don't want to try more than once per day
>> against a server that's never supported encryption, but if you have had
>> consistent success encrypting to a server, then a single failure, you don't
>> want to be treating that one the same!  It's definitely worth retrying
>> faster than a full day later.
>>
>> This sounds like you want a smaller value than 1 day for `damping` then.
>> Because those parameters are only suggested defaults, a resolver operator
>> like you could simply change the 1 day to maybe 1 hour, with the risk of
>> slowing down resolution to that one nameserver.
>
> I think you might want to rephrase this part. It seems like you really mean
> retries asymptotically approaching a 1 day timeout. What I've found works
> is exponential backoff that doesn't get too pessimistic, and also contains
> some amount of uncertain time intervals. It seems very dumb at first. But,
> if one piece breaks that may have nothing to do with DNS, you will get a
> stampede. Introducing a little bit of uncertainty can help.

Thanks for all this discussion.  The main purpose of having any sort of
damping in the draft is to encourage operators of authoritative servers
that they will not find themselves in trouble even if they enable
encrypted transport briefly for experimentation or evaluation, and then
turn it off again.

There are two kinds of trouble that such an authoritative server could
find itself in:

 a) It could be flooded with queries on a transport that it no longer
    supports.

 b) Queries from recursive resolvers could fail or be substantially
    delayed when the encrypted transport is disabled.

The `damping` parameter primarily influences (a), which i'd argue is
likely the less-important of the two, operationally, since it doesn't
cost the authoritative operator that much to send a "port closed" ICMP
response.  ((b) is influenced more by the `timeout` parameter.)

It looks to me like it would be fine to introduce something more
sophisticated than a static `damping` parameter with the aim of
increasing the total amount of encrypted transport happening, but to do
so, you'd need to add to the per-authoritative-IP state held by
recursive resolver.  This would further expand the table "Recursive
resolver state per authoritative IP, per encrypted transport", adding
more complexity to the implementation.

(it looks to me like you could probably do the uncertainty proposal it
without adding to the state if you just applied a randomized offset to
the test that evaluates: `(T0 - E-completed[X]) > damping` though)

If done wrong, it could also increase the risk of (b) happening: in
particular, you'd want make sure any change would *only* affect the
reversion to "happy eyeballs" style dual querying, rather than avoiding
the cleartext queries for too long.  and of course, happy-eyeballs-style
queries will leak information.

From my perspective, the simple approach described in the draft is a
good opportunistic baseline -- minimally complex, works fine
(opportunistically) with a functioning server in the absence of an
active attacker, and fails gracefully in the face of errors on the
server side.

Any subsequent draft that specifies strong (non-opportunistic)
confidentiality for DNS queries should of course be more cautious.  But
i think sticking with the simplest guidance that provides moderate
confidentiality for this case is the right way to go.  If implementers
end up doing something more sophisticated i'd hope they would report
back on what they did and what parameters they chose.  I don't think
more sophistication or complexity needs to be in this particular draft,
though.

        --dkg