IETF Logo Mail Archive

Re: [dns-privacy] Stephen Farrell's Discuss on draft-ietf-dprive-dnsodtls-13: (with DISCUSS and COMMENT)

"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Wed, 14 December 2016 13:51 UTC

Return-Path: <tireddy@cisco.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 91959129659; Wed, 14 Dec 2016 05:51:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.418
X-Spam-Level:
X-Spam-Status: No, score=-17.418 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-2.896, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3UPx78bNnr0o; Wed, 14 Dec 2016 05:51:16 -0800 (PST)
Received: from alln-iport-6.cisco.com (alln-iport-6.cisco.com [173.37.142.93]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DA733129646; Wed, 14 Dec 2016 05:51:15 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=12740; q=dns/txt; s=iport; t=1481723476; x=1482933076; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=LnN7POv573XaBae8QISHbDv0UWO9jYV1lUN9cMX2Qrs=; b=UxGgHUbRFL/3kMil5YiV+kkOD68Y9nqHD6zX076uoeid5qO0cSbGO9X1 agXv5WhdjI+4H4i/Dg6pByuSvFFtoLEJ4tUEGr2II9mV0jBwODtmCgcXy FH/Pgc6pfY0vEqvDRFrCJspw9/6m3ADjyAZk8ft1ru4mN1tuhRzKQyfj2 M=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0AbAQAKTVFY/4UNJK1UCRkBAQEBAQEBAQEBAQcBAQEBAYM3AQEBAQEfWoEGB41HlxuHdo0RggkfC4V4AhqBXD8UAQIBAQEBAQEBYiiEaAEBAQMBAQEhEToLBQcEAgEIEQQBAQECAh8EAwICAh8GCxQBCAgCBAENBQgTiDYDDwgOqXGCKIc3DYNJAQEBAQEBAQEBAQEBAQEBAQEBAQEBGAWBC4Uzg1OBCIJIgUkJBwoBBi2CbYJdBYhjhh6LNTUBhk+DEoNeg2SBfYUBiVaHbIFxhDeEDgEfN2M/KYQEgUVyAQGGAYEhgQ0BAQE
X-IronPort-AV: E=Sophos;i="5.33,346,1477958400"; d="scan'208";a="360834902"
Received: from alln-core-11.cisco.com ([173.36.13.133]) by alln-iport-6.cisco.com with ESMTP/TLS/DHE-RSA-AES256-SHA; 14 Dec 2016 13:50:58 +0000
Received: from XCH-ALN-018.cisco.com (xch-aln-018.cisco.com [173.36.7.28]) by alln-core-11.cisco.com (8.14.5/8.14.5) with ESMTP id uBEDowgv011902 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Wed, 14 Dec 2016 13:50:58 GMT
Received: from xch-rcd-017.cisco.com (173.37.102.27) by XCH-ALN-018.cisco.com (173.36.7.28) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Wed, 14 Dec 2016 07:50:58 -0600
Received: from xch-rcd-017.cisco.com ([173.37.102.27]) by XCH-RCD-017.cisco.com ([173.37.102.27]) with mapi id 15.00.1210.000; Wed, 14 Dec 2016 07:50:58 -0600
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Thread-Topic: [dns-privacy] Stephen Farrell's Discuss on draft-ietf-dprive-dnsodtls-13: (with DISCUSS and COMMENT)
Thread-Index: AQHSVUFhP0wjUX5CzkeEbgbXeUVqrqEF/KwwgAF46gD///ecgA==
Date: Wed, 14 Dec 2016 13:50:58 +0000
Message-ID: <0717cf40cf0c4cefae22fc23d1342e93@XCH-RCD-017.cisco.com>
References: <148163419601.29447.15218887979317459041.idtracker@ietfa.amsl.com> <b07056c0051f4c10b43aab2f10916583@XCH-RCD-017.cisco.com> <f7f5c629-55e1-b256-0fe1-0b445eecf6a2@cs.tcd.ie>
In-Reply-To: <f7f5c629-55e1-b256-0fe1-0b445eecf6a2@cs.tcd.ie>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.65.42.83]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/OfA-6pdyX53kPkPibDg3kwSP7s8>
Cc: "tjw.ietf@gmail.com" <tjw.ietf@gmail.com>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>, "draft-ietf-dprive-dnsodtls@ietf.org" <draft-ietf-dprive-dnsodtls@ietf.org>, "dprive-chairs@ietf.org" <dprive-chairs@ietf.org>
Subject: Re: [dns-privacy] Stephen Farrell's Discuss on draft-ietf-dprive-dnsodtls-13: (with DISCUSS and COMMENT)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Dec 2016 13:51:18 -0000

> -----Original Message-----
> From: Stephen Farrell [mailto:stephen.farrell@cs.tcd.ie]
> Sent: Wednesday, December 14, 2016 1:13 PM
> To: Tirumaleswar Reddy (tireddy) <tireddy@cisco.com>; The IESG
> <iesg@ietf.org>
> Cc: tjw.ietf@gmail.com; dns-privacy@ietf.org; draft-ietf-dprive-
> dnsodtls@ietf.org; dprive-chairs@ietf.org
> Subject: Re: [dns-privacy] Stephen Farrell's Discuss on draft-ietf-dprive-
> dnsodtls-13: (with DISCUSS and COMMENT)
> 
> 
> Hiya,
> 
> I think we're nearly set here - just two real points below
> and a couple of nits...
> 
> On 14/12/16 05:59, Tirumaleswar Reddy (tireddy) wrote:
> > Hi Stephen,
> >
> > Thanks for the review. Please see inline
> >
> >> -----Original Message----- From: dns-privacy
> >> [mailto:dns-privacy-bounces@ietf.org] On Behalf Of Stephen Farrell
> >> Sent: Tuesday, December 13, 2016 6:33 PM To: The IESG
> >> <iesg@ietf.org> Cc: tjw.ietf@gmail.com; dns-privacy@ietf.org;
> >> draft-ietf-dprive- dnsodtls@ietf.org; dprive-chairs@ietf.org
> >> Subject: [dns-privacy] Stephen Farrell's Discuss on
> >> draft-ietf-dprive-dnsodtls- 13: (with DISCUSS and COMMENT)
> >>
> >> Stephen Farrell has entered the following ballot position for
> >> draft-ietf-dprive-dnsodtls-13: Discuss
> >>
> >> When responding, please keep the subject line intact and reply to
> >> all email addresses included in the To and CC lines. (Feel free to
> >> cut this introductory paragraph, however.)
> >>
> >>
> >> Please refer to
> >> https://www.ietf.org/iesg/statement/discuss-criteria.html for more
> >> information about IESG DISCUSS and COMMENT positions.
> >>
> >>
> >> The document, along with other ballot positions, can be found
> >> here: https://datatracker.ietf.org/doc/draft-ietf-dprive-dnsodtls/
> >>
> >>
> >>
> >> ----------------------------------------------------------------------
> >>
> >>
> DISCUSS:
> >> ----------------------------------------------------------------------
> >>
> >>
> >>
> >>
> >>
> I have two discuss points to chat about before I ballot yes for this:
> >>
> >> (1) I think it'd be good to make the nature of this RFC clear in
> >> the document, so that folks don't get confused and implement this
> >> now, when we think they ought be using TLS for stub to recursive
> >> privacy. I'd suggest maybe adding a note here (possibly an IESG
> >> note, or just more text before 1.1, whatever), that says something
> >> like: "This DTLS solution was considered by the DPRIVE working
> >> group as an option to use in case the TLS based approach specified
> >> in RFC7858 turns out to have some issues when deployed.  At the
> >> time of writing, it is expected that RFC7858 is what will be
> >> deployed, and so this specification is mainly intended as a
> >> backup." Note that while text like that may also end up in the
> >> profiles document, I still think it may be useful here as well.
> >
> > Yes, will add the above text to a new Section (named "Document
> > Status")
> 
> Great.
> 
> > and also to add the following additional text to this
> > section (to address the comment from Beniot):
> >
> > The following guidelines should be considered when deploying and
> > performance benchmarking DNS over DTLS:
> >
> > 1)DNS over DTLS should not be deployed standalone without DNS over
> > TLS. When DNS over DTLS is used and the DNS server's response exceeds
> > the EDNS0 value, the DNS server sets the TC (truncated) bit.  On
> > receiving a response with the TC bit set, the DNS client based on the
> > current usage profile [I-D.ietf-dprive-dtls-and-tls-profiles] may
> > fallback to DNS over TCP.
> 
> I thought that was already stated clearly enough, but no
> harm re-iterating it I guess.
> 
> >
> > 2) DNS over DTLS performance in comparison with DNS over TLS may be
> > better in lossy networks. DNS over DTLS can recover from packet loss
> > and reordering, and does not suffer from network head-of-line
> > blocking.
> >
> > 3) The number of round trips to send the first DNS query over DNS
> > over DTLS is less than the number of round trips to send the first
> > DNS query over TLS. If TCP Fast Open is used, it only works for
> > subsequent TCP connections between the DNS client and server (Section
> > 3 in RFC7413).
> >
> > 4) If DTLS 1.3 protocol [I-D.rescorla-tls-dtls13] is used for DNS
> > over DTLS, it provides critical latency improvements for connection
> > establishment over DTLS 1.2. If DNS servers are configured with
> > anycast addresses, and when the network configuration or routing
> > changes, a DNS-over-DTLS packet can be received by a server that does
> > not have the necessary cryptographic context. In this case, the DNS
> > client can use 0-RTT mode in which the DOTS client can send DNS
> 
> DOTS? Typo I guess.

Yes, will fix.

> 
> > request on its first flight, thus reducing handshake latency. However
> > with DNS over TLS, the DNS client will have to first establish a TCP
> > connection with the server and then use 0-RTT mode.
> 
> But 0RTT is replayable, which iirc is particularly dangerous
> for foo/DTLS/UDP with anycast and if the attacker can see
> the upstream queries from an anycast instance with an empty
> cachce at which the attacker has targetted a replayed query.
> So the text in (4) needs a bit of work I think. (Though it's
> possible I'm remembering this stuff badly;-)
> 
> >
> >>
> >> (2) Section 4: No mention of OCSP stapling? And come to think of
> >> it, how would non-stapled OCSP even work? And since I've now
> >> thought of it, how will OCSP work with RFC7858? Does this (and
> >> 7858) need to mandate stapling or no revocation checking via OCSP
> >> at all?  (Apologies for not asking about that when we were
> >> processing 7858;-)
> >
> > I think the right place to discuss this would be in
> > ietf-dprive-dtls-and-tls-profiles-07#section-8.1, it discusses both
> > PKIX Certificate and DANE based Authentication.
> 
> Maaaaybe. Be good to cover it there certainly but not sure
> if that's sufficient.
> 
> >
> > With regard to public key certificates, the certificate revocation
> > guidelines to use OSCP stapling discussed in
> > https://tools.ietf.org/html/rfc7525#section-6.5 should be followed by
> > the DNS client and server. Both this draft and RFC7858 already refer
> > to RFC7525 for secure use of (D)TLS.
> 
> The issue here is whether DPRIVE works with plain OCSP at all.
> 
> If one wants to send the query for the A/AAAA of the OCSP
> responder over (D)TLS there seems to be a bootstrapping issue
> that's at least tricky.
> 
> If one sends that DNS query in clear that leaks a little info
> (the name of the responder of the (D)TLS server cert of the
> recursive) and then later (in OCSP) one leaks the identity of
> the actual (D)TLS server, which is also not that big a deal
> except that having to send a cleartext DNS query for that
> seems to be sufficiently unexpected that it ought be documented.
> 
> Seems to me that OCSP stapling might be near mandatory for
> both 7858 and this unless we want to take the "hit" of the
> cleartext DNS query for the OCSP responder.

Agreed. I can add the following lines to Security considerations section:

The DNS client MUST use the TLS Certificate Status Request extension (Section 8 of [RFC6066]), commonly called "OCSP stapling" to check the revocation status of public key certificate of the DNS server. OCSP stapling, unlike OSCP, does not suffer from scale and privacy issues.

> Last point: I'm not sure how OCSP stapling affects packet
> sizes for this spec and whether it'd cause a possible fall
> back to TCP or not. Worth checking maybe?

I don't see a problem, DTLS handshake is capable of handling fragmentation and reassembly (see https://tools.ietf.org/html/rfc6347#section-4.2.3).

> 
> Cheers,
> S.
> 
> PS: The rest below is fine too:-)

Thanks, will update draft.

Cheers,
-Tiru

> 
> >
> >
> >
> >>
> >>
> >> ----------------------------------------------------------------------
> >>
> >>
> COMMENT:
> >> ----------------------------------------------------------------------
> >>
> >>
> >>
> >>
> >>
> - 3.3: What does "of the order of several seconds" mean?
> >> If you mean O(10s) then why not say that?
> >
> > NEW: For the server, to mitigate the risk of unintentional server
> > overload, it is RECOMMENDED that the default DNS-over-DTLS server
> > application-level idle time out be set to several seconds and not set
> > to less than a second, but no particular value is specified.
> >
> >>
> >> - 3.3: Is figure 1 really needed? There's no longer any meaningful
> >> reference to it from the text. (I forget if there once was.)
> >
> > I don't think the figure is required, will remove it.
> >
> > -Tiru
> >
> >>
> >> - To try answer Benoit's comment: I think that this is a part of
> >> the overall DPRIVE experiment, so it's a little hard to say exactly
> >> how this document alone constitutes a useful experiment. But see
> >> also my discuss point#1.
> >>
> >>
> >> _______________________________________________ dns-privacy
> mailing
> >> list dns-privacy@ietf.org
> >> https://www.ietf.org/mailman/listinfo/dns-privacy

v2.23.0 | Report a Bug | By Email