IETF Logo Mail Archive

Re: [dns-privacy] Adam Roach's No Objection on draft-ietf-dprive-bcp-op-08: (with COMMENT)

Brian Dickson <brian.peter.dickson@gmail.com> Fri, 07 February 2020 08:19 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BC52120045; Fri, 7 Feb 2020 00:19:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ptYv9oCnDdVu; Fri, 7 Feb 2020 00:19:07 -0800 (PST)
Received: from mail-vk1-xa2c.google.com (mail-vk1-xa2c.google.com [IPv6:2607:f8b0:4864:20::a2c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A62512003E; Fri, 7 Feb 2020 00:19:07 -0800 (PST)
Received: by mail-vk1-xa2c.google.com with SMTP id u6so351734vkn.13; Fri, 07 Feb 2020 00:19:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=yhHygAl2VstTpJJwHMhSsm3aRz2LNojL7EN/Rt4xLs4=; b=thJ6WFI1aonq06ehtxZ+ykWpFgVx4BN51MjlvXwHcj6RYqQZQNdC0eGFLPzVrPzWR3 useQ0wky4J/J4Gy5sR6HPSvzHkqNpaZRuHwIYn3sNCzT5KXbCYuCMNNx1xQhJe2eS+aU gRoxE1TC9NdZo6KUNe114L2JwDk4tFFjaFcarUGdS+V2P7laoj0KZFBFQswZub6OI4H5 ywaTzHPlXfkrtSRXnqT5iKRTYfmjt7PoHo3D6IOzIHQQ/wYkH3XDKehvtfGmZN5Gsnmy z8eQ+P2er/NdAI8uT1Ot/olb/0Db6YJp2LT7TdqQvQDKwrZ7X0ou2xXKZkSjDNbfGJoP QB0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=yhHygAl2VstTpJJwHMhSsm3aRz2LNojL7EN/Rt4xLs4=; b=e0v6gZ4R9BJKENGyAnl2ath5SvVmRQN5W4EA1wZW08Tg2UsoFQgecN4EZP+B/IELjb dtCpLMBqlhpxWK6mKFsJ492xdBVogOfk8bbt5WWk7Z8sRqzGLYuLt4Kc7YCAJBGu5qyu DK1Ob055rfCUz+qGPPmvny0fXt8HqCAgiPNEOZTEeW1hie05Yo0nSIOVWR7L+2Nh/q3I 81G0Yly0gzb9atJmnFX+UQd03bK8yfOeeziWJsDXf+JXlHCSTxiYYu9WaoafUud1Ad77 XPeq9nMwutI7klOYhlKpKA6aRa9JWq73FGHLfzjAPKJroYUPwicYcqB/t0Blyk7SXxHR tXVA==
X-Gm-Message-State: APjAAAVhaX7Ll4DqkUtm8gcOFIJO7fj22fukQ51GiYONZYYFkvpt5Suz OGD+N+cCDvs7ycI5lnyymTscIUYdoJ4ZtlBdb4U=
X-Google-Smtp-Source: APXvYqzvWvWJXS+2rI/V0djaYpvOiP/qJ19kcg3e5LyULY2R5nKi5uyJQLerYInn4ATJqKEMUaqfD/XWc6P24/MzYvk=
X-Received: by 2002:a1f:dc42:: with SMTP id t63mr4169955vkg.5.1581063546635; Fri, 07 Feb 2020 00:19:06 -0800 (PST)
MIME-Version: 1.0
References: <CAH1iCiqLwP8UOJe_vWQAr7iu8j7LF2Y4+386XNimM+3wJ-2RzQ@mail.gmail.com> <9fe99917-347b-ab79-7a9c-3e8da67a5246@nostrum.com> <364cf548-9114-fcb3-52b6-a73be08b55c4@nostrum.com> <CAH1iCirzvzQUAcbctzC4Bete_mDicT7MYJL5vnaSFZnVNAUbPg@mail.gmail.com> <9104d41b-2c78-0216-3262-4ed50f389ea7@nostrum.com> <CABcZeBMF2CT--gdKNuVWw+e8CvLYjL3yX0YtMj54CQBvdZ0o0A@mail.gmail.com> <CAH1iCirLPsLX-OebLxKTfR4FDXaejcNy+TONw5FuLP2_r6GBOw@mail.gmail.com> <CABcZeBPkLaFB5fv6WigJmY9QhOJnJf3YwrmooN0BRbm8fKxLog@mail.gmail.com> <CAH1iCiq555QF=we5moHBStmCRsJ_kZ=hzYacJ=GYSKvcqEBcvA@mail.gmail.com> <CABcZeBM+L_Qco3VkybhJp5_ijNiJd58yprCnHY2Yn4ODX-1UDA@mail.gmail.com> <20200207011411.GJ14382@kduck.mit.edu> <CABcZeBMuQotjcXOHOeNhQ8dNWEJZ3jijggGd=KGkWV6kWMu16Q@mail.gmail.com>
In-Reply-To: <CABcZeBMuQotjcXOHOeNhQ8dNWEJZ3jijggGd=KGkWV6kWMu16Q@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Fri, 07 Feb 2020 00:18:55 -0800
Message-ID: <CAH1iCirnZ3JTsepHivW3Xc5Hytbsx1b48w9go_4oPA7ncfU34w@mail.gmail.com>
To: Eric Rescorla <ekr@rtfm.com>
Cc: Benjamin Kaduk <kaduk@mit.edu>, Tim Wicinski <tjw.ietf@gmail.com>, Adam Roach <adam@nostrum.com>, The IESG <iesg@ietf.org>, dprive-chairs@ietf.org, draft-ietf-dprive-bcp-op@ietf.org, DNS Privacy Working Group <dns-privacy@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000001088ed059df80b27"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/SD-oR_uM3dwBK1gko5FNnbKqY9I>
Subject: Re: [dns-privacy] Adam Roach's No Objection on draft-ietf-dprive-bcp-op-08: (with COMMENT)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Feb 2020 08:19:10 -0000

On Thu, Feb 6, 2020 at 9:39 PM Eric Rescorla <ekr@rtfm.com> wrote:

>
>
> On Thu, Feb 6, 2020 at 5:14 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
>
>>
>> but given that the recursive has no way of knowing what the
>> DNS client is planning to do (and that some ~20% of web traffic does not
>> use TLS), it's hard for me to argue that this document is making the wrong
>> recommendation about DNSSEC validation.
>>
>
> The question at hand is not about whether it ought to recommend DNSSEC
> validation but rather whether the text around that, which implies that
> failure to do so has a high risk of sending your sensitive *web* traffic to
> the attacker, is accurate given the high fraction of Web traffic that is
> protected with TLS and the likely even higher fraction of sensitive traffic
> that is.
>

The issue around implied risk, is a longitudinal one.

For sake of argument, let's assume 100.0% of web traffic is TLS protected.
Let's also assume that of the privacy resolver operators, there is at least
one that does not do DNSSEC.

If an attacker obtains the private key for *some* certificate for a web
site, what is the risk for the customers of the two groups of resolver
operators?

The risk for the DNSSEC validating operators' clients is zero if the web
site is in a DNSSEC signed domain.
The risk for the non-DNSSEC validating operators' clients is non-zero if
the web site is in a DNSSEC signed domain.

The risk depends on the ability of the attacker to poison the cache.
The validating resolver cannot be poisoned if the zone is signed.
The non-validating resolver can be poisoned even if the zone is signed.

The fact of non-DNSSEC validation is very likely known, particularly given
the public nature of privacy resolver operators, and trivial to confirm
directly by using them as a resolver.
The non-validating operators will definitely be a target for such an
attacker.

It doesn't particularly matter which certificate is compromised, in
principal; the question is whether the web traffic for that site can be
compromised. If the DNS poisoning succeeds, the answer is yes.

An attacker is unlikely to do the poisoning attack unless there is a
benefit to doing so, such as already possessing the private key.

I don't have any particular knowledge of how often keys leak.

I do have a pretty good idea how easy it is to poison a resolver.

It is generally only a factor of, at most, bandwidth and the ability to
send queries as a resolver client.
And unlike the typical ISP or enterprise or small network, the resolvers
here have to be open for use to anyone.
This makes them particularly vulnerable to the conditions that facilitate
poisoning.
And it is precisely this that make the case for a MUST rather than a SHOULD.

Brian

v2.23.0 | Report a Bug | By Email