IETF Logo Mail Archive

Re: [dns-privacy] [Ext] Threat Model

Ted Hardie <ted.ietf@gmail.com> Wed, 06 November 2019 17:31 UTC

Return-Path: <ted.ietf@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6D081120090 for <dns-privacy@ietfa.amsl.com>; Wed, 6 Nov 2019 09:31:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AqU1LqDaSUcP for <dns-privacy@ietfa.amsl.com>; Wed, 6 Nov 2019 09:31:04 -0800 (PST)
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E6BF6120071 for <dns-privacy@ietf.org>; Wed, 6 Nov 2019 09:31:03 -0800 (PST)
Received: by mail-ed1-x534.google.com with SMTP id w6so2643325edx.10 for <dns-privacy@ietf.org>; Wed, 06 Nov 2019 09:31:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=gIi1y7BAv44spmkbOq7+OTJLYwMNNfUo9yft1XMLyJA=; b=YrWTFPq67wgZ7p+/pQ2oZYPP+mt1mmMuAMbMN4vrGkI/9w86NvJ2clivX8FZSVWxzp y59SdDHfy45MkQj9NwDckmRjPP1Dj7jdNZX1EaZSthc47KDyWZZ5sUt7i/qJIdrdzCWy DLp4UkVZci/AxtgcfDtqBJtZEkx69RH2KzxcT+EilvZX5ThuM2DYdwaTj92ln+Byu//Q qYFdG37rQvninHofxQcr/voie3m/F3iE4eKkdQoDfxQozcITW2LZiRY0CfP8o+ZiwDzo dzT0+u10tM53pijeZAbIWMEUDO/Wwdn/nCSBEKPhAYJuNBr7sCuL3s8CsTUqzlv79Mnb sgPg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=gIi1y7BAv44spmkbOq7+OTJLYwMNNfUo9yft1XMLyJA=; b=TCKOZGAxsBIdWI/wMu000BACHrHE1q9lpM/fzvFtOaNQ9GAe/SOqSBtNWILztbD7Eq XSvIgsj0gL/IpAUYHLX59/EHKfsegBg9p5ootmG63NFdUqKx5F0hX4EFAqJN+3skZlXQ zxvxVbj5AWf/2NwvXYrxYOPZGcUuXDve5laOgQhdhRy38jIDwXSrQd1aAs5EhrHKDsBA USRfP3I/86HGqGVzGHlLtnxNE+W/kaO/ATMcT/H+whNTbsapLpJD1AUEnZoMx9DzoYKS 76JINZHLsDg9/ZyhCkz7JyoCVrE3iSOO0160HgtSSIUXihkkyo5DOU8wovBjUHv7Q0MZ b+hw==
X-Gm-Message-State: APjAAAVJSIGYRqSaXDsWwhCqmNPelPIyFpyKrnKO2UpKDdUAwmOJDZf3 OO/0UyCotSWNXK73GGl1Glyq5LfBrcRCrbo5ebU=
X-Google-Smtp-Source: APXvYqxvhqgriPzDzh8la11we+hpaRrn6fcNcqoauXNJq8407HyXev7O5vPikYq85EgfniayBlwPZ97nQnCFv6/I9XY=
X-Received: by 2002:a17:906:80c1:: with SMTP id a1mr36585321ejx.37.1573061462343; Wed, 06 Nov 2019 09:31:02 -0800 (PST)
MIME-Version: 1.0
References: <CABcZeBMQEJ=LE8ATQYnJj59srsK47hf4HT3BMMg3X2crVfSUXQ@mail.gmail.com> <CABcZeBMFDbATVRvJvvs5b4giQ=0B82i76ahv-ffDgWJOzqZccw@mail.gmail.com> <CAHw9_i+e8veeAz+KYXjvchmjKJz6OZHX1pEYx_Tvs8n5xnfBnQ@mail.gmail.com> <6D6233DC-4D7C-45BC-9D4E-08E6E882C1A5@nohats.ca> <alpine.DEB.2.20.1911042035571.29247@grey.csi.cam.ac.uk> <CAH1iCioH86q1CX7A+F8ON4uzpGqipUy8m3iczyNqSKirAsYBQg@mail.gmail.com> <alpine.LRH.2.21.1911041652450.5093@bofh.nohats.ca> <CABcZeBOtY3saJe5DWTu=Jqy5guqdoKPKSR+XYddbvxwxKsxmig@mail.gmail.com> <CAHw9_iKaeT0VEjZfoCi9Nddc+VBBj0JHWDHv+=g3xzvb6L+Nvg@mail.gmail.com> <alpine.LRH.2.21.1911050941090.30046@bofh.nohats.ca> <CAHw9_i+MxMCd7dDO7N0-hc1SDjvBeoLoUvbg4JWDzXyjR0u4xQ@mail.gmail.com> <CAHw9_iKhaA9Nb+eH92YfzdepU90_DgLyS-ZDaMAehKOFO0ksEA@mail.gmail.com> <FC51D8EC-5ADC-4415-82EB-C6C6E4E8D84A@fl1ger.de> <F0DD4028-2404-4232-90F8-E9937877C261@nohats.ca> <b7108cff-0e50-d168-aa49-2626eb83ee22@cs.tcd.ie> <d465d9e5-5a9f-8968-8f73-1493ec5f2c36@icann.org> <CAH1iCioO6NBpYkjzCX+vBTXVTFK9zH0KZULt3tQsA3ov8UBpiA@mail.gmail.com>
In-Reply-To: <CAH1iCioO6NBpYkjzCX+vBTXVTFK9zH0KZULt3tQsA3ov8UBpiA@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
Date: Wed, 06 Nov 2019 09:30:48 -0800
Message-ID: <CA+9kkMDArqq=hjmMz-VoEBH5cTLqTenoYnk2wVOviwngXb7z4g@mail.gmail.com>
To: Brian Dickson <brian.peter.dickson@gmail.com>
Cc: Paul Hoffman <paul.hoffman@icann.org>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000ac45990596b0e9b6"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/TYJoKN7XMKrI6cJjsOhnr5KpyTQ>
Subject: Re: [dns-privacy] [Ext] Threat Model
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Nov 2019 17:31:06 -0000

In-line.

On Wed, Nov 6, 2019 at 9:05 AM Brian Dickson <brian.peter.dickson@gmail.com>
wrote:

>
>
> On Wed, Nov 6, 2019 at 8:21 AM Paul Hoffman <paul.hoffman@icann.org>
> wrote:
>
>> Given that we are (still supposedly) talking about requirements and not
>> solutions, I would be unhappy with a requirement that prevents a resolver
>> that is not validating from being able to use encrypted transport to
>> authoritative servers. Any protocol we develop for ADoT capability
>> discovery should prevent downgrade attacks but should also work fine for
>> resolvers that do not validate.
>>
>
> Why?
>
> Or rather, let me put together a straw-man to attack.
>
> Suppose the requirement (for the protocol for establishing the encrypted
> transport for actual ADoT or for discovery of ADoT parameters) was that
> *for this record* the record must be signed and must be validated, but that
> it placed no broader requirement on validation.
>

It seems odd to have the code and operations to do this on both signing and
validation , but then use it intermittently.  That seems both hard to
reason about and difficult to explain.



> I.e. TSLA for cert validation for the TLS connections used, which would
> require DNSSEC validation (mandatory per DANE RFCs).
>
> That would mean resolvers that don't validate *generally*, but do follow
> the protocol (and validate very specific records) would would fine. Would
> that be an unhappy-making requirement, or would you be okay with that
> hair-splitting on validation?
>

I don’t think this would be something to recommend, personally.

Ted

>
> Given that presumably *some* changes would need to be made to resolvers
> for ADoT, IMHO the particulars of *what* changes should all be open to
> discussion.
>
> Brian
> _______________________________________________
> dns-privacy mailing list
> dns-privacy@ietf.org
> https://www.ietf.org/mailman/listinfo/dns-privacy
>

v2.23.0 | Report a Bug | By Email