Re: [dns-privacy] [Ext] Intermediate proposal (what I was saying at the mic)
Brian Dickson <brian.peter.dickson@gmail.com> Thu, 05 August 2021 18:06 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 632703A1C0C for <dns-privacy@ietfa.amsl.com>; Thu, 5 Aug 2021 11:06:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jCibs2r5GPpb for <dns-privacy@ietfa.amsl.com>; Thu, 5 Aug 2021 11:06:26 -0700 (PDT)
Received: from mail-lf1-x132.google.com (mail-lf1-x132.google.com [IPv6:2a00:1450:4864:20::132]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8718F3A1C03 for <dns-privacy@ietf.org>; Thu, 5 Aug 2021 11:06:26 -0700 (PDT)
Received: by mail-lf1-x132.google.com with SMTP id y34so12756174lfa.8 for <dns-privacy@ietf.org>; Thu, 05 Aug 2021 11:06:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2xPCz8cbXDmgyqJiv/7z65AUodnX4E9CI75LitWckeI=; b=O4nLzOtYM0Or6CCR59hsdqjda+CnBQB+ZEz7XBd1K37UZQdGT3eQbnf15MUletzr8p kgL1lGlJx6AOaNDlsNhqqA3B28A1YoARFmrNzWygXN8935+pJK3paRH2YFgrS/rz/DwP 9YPV8bsqx4ojJcn4SyzlY0MVCllGafHyoFtKFITT3wz1kCtgV/9VTMYslHbMRvsnHbh4 V7DiFV4AnB9G1pXRxR7RXaVl43cwr2S7bvhm3lQK3HL6JmlyCNbPL38V8jetOqaVFG9T uvuujoU9+L69SwzwQeQsi00ktuTskP51d2JCovRVpsh3h7fP+IgdPqj589i6Wwa5sB17 YNsQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2xPCz8cbXDmgyqJiv/7z65AUodnX4E9CI75LitWckeI=; b=mqfLte8/eHl+V2SRaG2BuCc7xlXv7gKscJdDxdUEVeaXCowGyi2aLgSUaMnFkf+vmn syt4hkMm8NXIoU6T6BDobsNwO5yPXhJqKLTht/gtg6/DfEjU2xlCnxBMns8wUVeH+UCg XaxGf/2fDDncomKbemVEOCuHlpR/RUH7Fvpl8cFWGmeHagQuQ9f06od2ajsnYuMW+wQT FT9uidd84YZnY46eH6FzrcLTeSDVF6t5J82dGfQ0yeqvNLOqaidn7eTVaZLMdgq5c+tL ksUMtV0OrJsYLG2jaNkkleYMJ7rdW6xsMXZ8zS766JqhChDridOqSR+9QV5Ljzr9zecx Ni4Q==
X-Gm-Message-State: AOAM5330aj4LpakKB8BT9kNzXjFmFrM8dLeIlkg+Ec7MsaNKuGzGzvfU W7Z/5PrR7VvbHlRu1HvcZW4yo9I5ObNrcP+Rb1F4KzH8
X-Google-Smtp-Source: ABdhPJwAzpm+8xJ+z1xxDEMPvEyGUoTVzy7Wfe2kBomcpPlW49VU4X0wEW0dWOVFnWF90a6GL2arE7aAq980Ce8+Ur0=
X-Received: by 2002:ac2:4c2b:: with SMTP id u11mr4619850lfq.316.1628186784242; Thu, 05 Aug 2021 11:06:24 -0700 (PDT)
MIME-Version: 1.0
References: <CABcZeBNRZsyjd-M_hKOwxdqY=Y7oZs5-d4waqPHb9gO-GJNV+Q@mail.gmail.com> <8b2ac283-614e-40d2-b6bf-5e67d5324aaa@www.fastmail.com> <CABcZeBM+rBLgUs+xzyhTOjCFuPdjUDPDMeFL6CAXanDaicC+Pg@mail.gmail.com> <CAHbrMsA3ROoeeDXm_HpXP73uFjVrEQUycQ0OR0e6JE0hCoS1sw@mail.gmail.com> <5EEBC284-71B3-4308-B5C6-AF3847A6ED36@icann.org>
In-Reply-To: <5EEBC284-71B3-4308-B5C6-AF3847A6ED36@icann.org>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Thu, 05 Aug 2021 11:06:12 -0700
Message-ID: <CAH1iCio6Jvi0_iQ7CFi8cny4poeOSJc1zcCHzwOP_4HWwHJYtg@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: DNS Privacy Working Group <dns-privacy@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000e7243905c8d3c6c2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/R1VczeerOvFe9JsoL_ZiLhu2YtQ>
Subject: Re: [dns-privacy] [Ext] Intermediate proposal (what I was saying at the mic)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Aug 2021 18:06:33 -0000
On Tue, Aug 3, 2021 at 1:55 PM Paul Hoffman <paul.hoffman@icann.org> wrote: > On Aug 3, 2021, at 1:34 PM, Ben Schwartz <bemasc= > 40google.com@dmarc.ietf.org> wrote: > > > > In my view, > > > > 1. We should provide guidance on how to do unauthenticated DoT/Q using > default-port probing, like we used to have in > https://datatracker.ietf.org/doc/html/draft-ietf-dprive-opportunistic-adotq-00 > . > > > > 2. Publishing a SVCB record should indicate support for authenticated > encryption. Nameservers that don't support authenticated encryption can > offer opportunistic encryption based on default-port probing. > > > > 3. We should allow nameservers to indicate support for authentication > via common PKI, DANE, or both. > > > > 4. SVCB and TLSA records are a firm promise, but resolver behavior is > always up to the operator. They can choose whether to "fail closed", skip > authentication, fall back to UDP, etc. > > If the WG is going to go to DS in the parent to have a signed signaling > response, it would make sense that the signal in the child have an > identical format. If we go with that, I'd rather see CDS be used in the > child instead of SVCB. > > I like using #4 as a way to bridge the two use cases (well, the stated > unauthenticated use case and whatever fully-authenticated use case > eventually gets published). That way, resolvers that have the > unauthenticated use case have more reliable ways to get the signal, and > also can get a signal for DoH. > Some (IMNSHO) important observations, and recommendation for direction on these: - SVCB in the name server name's zone is where the signalling belongs (on what transports are supported, per NS name, as well as authenticated or not, etc) - TTL on DS is controlled by the parent zone, and may not be appropriate for risky changes, thus not a good place for signalling - DS is a good place to protect the glue (NS records themselves, plus glue A and AAAA records) - in fact, it is the only viable solution for that - DS for the NS needs to scale according the NS RDATA, not the owner names, so the DS per zone should not include the zone name (too esoteric to discuss/debate this point, I think) - Signaling transport should be SHOULD, just to avoid port probing. - Opportunistic authentication is different from opportunistic period - It is better to signal transport and whether it is authenticated (in once place, the SVCB record) - The parent DS is per zone, not per name server, so that is NOT where transport/opportunistic signaling belongs (e.g. changing those MUST NOT be per zone) - There is a separate DS for the name server's names' zone, of course... - That is where the glue A/AAAA records can be added to protect the resolution needed for querying for SVCB records - I don't think there is any reason to specifically support unsigned name server name zones - You need signed data to protect the information needed to get to TLS - It's integrity, not privacy, that is needed at this step - The first query to the NS name's zone cannot be TLS yet, because the info for TLS isn't available yet (catch 22) - TLSA allows signaling of WebPKI as an optional required validation over the certificate in the TLSA record (types 0/1 vs 2/3 IIRC). - Optional validation != optional WebPKI - You can have a signal that says "mandatory validation using TLSA but not WebPKI" - That signal could instead be, "mandatory validation using both TLSA and WebPKI" - Both are downgrade resistant - SVCB would signal DNS operators intent for failure mode - E.g. opportunistic (fail to fallback) vs mandatory (fail hard), subject to resolver's own policies (which could ignore DNS operator's signal) - If you require a signed zone anyway, and are going to do TLS (that's what we are discussing), then *requiring* TLSA records (with or without WebPKI) is a very easy thing to justify - Reminder: just because type 2/3 records don't require WebPKI validation, does not mean you can't use CA issued certs for those - It just means the validation avoids having to do WebPKI stuff. - DNSSEC signatures protect the cert fingerprint (EE or parental) in all cases - TL;DR: registrant zone gets DS with protection over NS RDATA; name server name delegation is similarly protected; name server name resolution at some point depends on glue A/AAAA which also get DS protection; name server name has SVCB and TLSA records; SVCB signals opportunistic or not; TLS validation via WebPKI is signaled via TLSA; deployments and roll-back are handled strictly in the name server name's zone (including use of appropriate TTL values during deployment/rollback) Resolvers can still work with this even if they don't do DNSSEC validation. They do lose downgrade protection, but can still resolve fine. Resolvers that do DNSSEC validation are protected against downgrade, IFF the DNS operator has elected to signal hard failure. This protects against MITM on both DNS and transport (TLS). Brian
- [dns-privacy] Intermediate proposal (what I was s… Eric Rescorla
- Re: [dns-privacy] Intermediate proposal (what I w… Paul Wouters
- Re: [dns-privacy] Intermediate proposal (what I w… Eric Rescorla
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Paul Hoffman
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Robert Evans
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Paul Hoffman
- Re: [dns-privacy] Intermediate proposal (what I w… Martin Thomson
- Re: [dns-privacy] Intermediate proposal (what I w… Christian Huitema
- Re: [dns-privacy] Intermediate proposal (what I w… Eric Rescorla
- [dns-privacy] ADoX experiments (was: Re: Intermed… Stephen Farrell
- Re: [dns-privacy] Intermediate proposal (what I w… Ben Schwartz
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Paul Hoffman
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Ben Schwartz
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Paul Hoffman
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Ben Schwartz
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… libor.peltan
- Re: [dns-privacy] [Ext] Intermediate proposal (wh… Brian Dickson
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Brian Haberman
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Stephen Farrell
- [dns-privacy] scope of authoritative signalling [… Daniel Kahn Gillmor
- Re: [dns-privacy] scope of authoritative signalli… Brian Dickson
- Re: [dns-privacy] scope of authoritative signalli… Peter van Dijk
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Brian Haberman
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Bill Woodcock
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Bill Woodcock
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Christian Huitema
- Re: [dns-privacy] ADoX experiments (was: Re: Inte… Bill Woodcock