Re: [dns-privacy] review of draft-ietf-dprive-dnsodtls-01
Ted Hardie <ted.ietf@gmail.com> Mon, 05 October 2015 22:48 UTC
Return-Path: <ted.ietf@gmail.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3B7851A6FEB for <dns-privacy@ietfa.amsl.com>; Mon, 5 Oct 2015 15:48:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9bRduUgYjeW9 for <dns-privacy@ietfa.amsl.com>; Mon, 5 Oct 2015 15:48:41 -0700 (PDT)
Received: from mail-qg0-x230.google.com (mail-qg0-x230.google.com [IPv6:2607:f8b0:400d:c04::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9F74E1A6FE9 for <dns-privacy@ietf.org>; Mon, 5 Oct 2015 15:48:41 -0700 (PDT)
Received: by qgt47 with SMTP id 47so163533245qgt.2 for <dns-privacy@ietf.org>; Mon, 05 Oct 2015 15:48:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=Rn9tD4gPLZpiPn7dsp4L7x/FoWEf/3DSwCL+VgvUEIs=; b=gzYxb44zSCPwCfkBnfGgCXjcwCcfJ2g0YVlmZrjCCpw1V74B14os382lXDFeD52isI GJijV/eJoH+YuAE1t5eUoQh+eBWqFKFT9XMQOtMLjuVz4WzLaMd/22pPkL167OHwHQUI iwh9dWoxrGSDQKRV5/PBBnHJICa3+ndfl3Wqz8PNXai+WHKkC0VegXp9P/lMXrMwlz0i AsXRQUsYI3ZLNvsp1lwaaLYksRPG+y3IuCa/EaCjGkdd17bonrDSgg1ZftitaKtyvYAF xdLFBj2x+/DetoMZ52tz2o2MEj2Yy3You67gY+Xr3RyWzO1eYCOzmbsctPOdcQnNBot+ Mfpg==
MIME-Version: 1.0
X-Received: by 10.140.104.33 with SMTP id z30mr43116759qge.0.1444085320787; Mon, 05 Oct 2015 15:48:40 -0700 (PDT)
Received: by 10.55.50.2 with HTTP; Mon, 5 Oct 2015 15:48:40 -0700 (PDT)
In-Reply-To: <879AA0C7-D881-4A57-AF57-AAFA42141660@sinodun.com>
References: <879AA0C7-D881-4A57-AF57-AAFA42141660@sinodun.com>
Date: Mon, 05 Oct 2015 15:48:40 -0700
Message-ID: <CA+9kkMCavs2HaBbmKJfQHRuc1iws0A7UXL8q9E3-UPAWK9Ut3Q@mail.gmail.com>
From: Ted Hardie <ted.ietf@gmail.com>
To: Sara Dickinson <sara@sinodun.com>
Content-Type: multipart/alternative; boundary="001a11355e2c922f050521635036"
Archived-At: <http://mailarchive.ietf.org/arch/msg/dns-privacy/mS0UsloTIt9ReFXVWpZh8f5QUt0>
Cc: "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Subject: Re: [dns-privacy] review of draft-ietf-dprive-dnsodtls-01
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 05 Oct 2015 22:48:45 -0000
On Mon, Oct 5, 2015 at 1:46 PM, Sara Dickinson <sara@sinodun.com> wrote: > Hi, > > After chatting with Warren I’m re-sending a very slightly updated version > of a review which I sent back in August to the DNSOP list instead of DPRIVE > (doh!)…… > > QUESTION: The most recent draft still includes the proposal that DTLS > could run on port 53. In light of the recent early port allocation request > that covers both TCP and UDP will future versions of the draft continue to > include the proposal for running DTLS on port 53? > > > General comments: > --------------------------- > > 1) My major comment is that I don’t think the current draft tackles the > problem of truncation of answers in enough depth. DNS-over-DTLS, like UDP, > will have to truncate answers if they exceed the pMTU. And since the packet > includes the DTLS header the likelihood of truncation is increased for > DNS-over-DTLS compared to UDP. In the case of truncation one of two things > must happen: > i) Fallback to e.g. TLS (if available) which compromises performance > compared to using a single protocol for privacy. > ii) Fallback to unencrypted communication, which compromises privacy. > > There is a brief discussion of a proposed shim layer to avoid this, but > without a solution to this issue that eliminates the need for fallback I > don’t believe the protocol can be deployed as a standalone solution for DNS > privacy (it would have to deployed alongside e.g. TLS). Because of this > limitation I think much more weight should be given to this issue and the > feasibility of potential solutions. > > First, I think the chances are pretty good that DNS over TLS or DTLS will deployed side by existing DNS for at least some time, so I'm not sure that focusing entirely on avoiding fall back here is ta critical point. That said, the shim layer proposal seems at first glance to a pretty simple extension of the multiplexing mechanics already described. That is, you have the QueryID to allow you to interleave requests; you use that in demultiplexing responses. If you have that and the DNS response in the first DTLS record referencing a QueryID indicates truncation, you look for further DTLS records referencing the same QueryID, and re-assemble them with the first using a sequence number. Yes, that would require more specification than in the document, but it seems like a reasonable approach and it avoid re-starting the protocol machinery (which fallback to TLS would do). Am I missing a complication here? regards, Ted > 2) I also think a fuller discussion of the difference between the initial > TLS and DTLS handshake should be included since in the DTLS case an extra > RTT is needed for the Hello Verification, without which the session > resumption cannot occur in 1 round trip. Since DNS is a latency sensitive > protocol this should be spelled out in order to ensure implementors fully > understand this difference. Also, the TLS 1.3 spec has a 1 RTT handshake > and proposes 0 RTT exchange based on a long-term (EC)DH share. > > > Specific comments: > --------------------------- > > Terminology > > - I wonder if a terminology section would be of use? For example, I see > both the terms ‘DTLS session’ and ‘DTLS security association’ used in the > document and it would be helpful to clarify them (or just define one and > use it consistently). > > > Section 3.3: Downgrade attacks > > - I think this section may benefit from adopting the language used in > RFC7525 e.g discussing strict vs opportunistic encryption. > > - I think it would help if the second sentence of the first paragraph > could be re-written to either make clear that the behaviour is an > implementation choice (e.g. use ‘might choose’ instead of ‘will’) or > clarify is it part of the specification (e.g. use SHOULD/MAY instead of > ‘will')? > > > Section 7: Performance Considerations > > - (nit) Second paragraph s/QueryID/Query ID/ > > - From an implementation point of view I think DTLS probably has more > characteristics in common with TCP/TLS than UDP, so detailing behaviours > like connection re-use, query pipelining, idle-time, out-of-order responses > (or their DTLS equivalents) will be of value. For example: > > - I’d like to suggest the second paragraph includes some text similar to > that in draft-ietf-dnsop-5966bis-02 which addresses message ID collisions: > “ When sending multiple queries over a DTLS security association clients > MUST take care to avoid Message ID collisions. In other words, they MUST not > re-use the DNS Message ID of an in-flight query.” > - Similarly, I also think some text clarifying that clients should sent > multiple queries on a given security association without waiting for > responses wouldn’t go a miss. > - Third paragraph. Did you consider adding a statement to the effect > “Clients SHOULD re-use security associations.” Is there any reason not to > add this? > - I think it would be helpful to add some discussion of the expected > lifetime of the UDP security associations. Also, it is unclear to me what > happens in a ‘normal’ tear down of the security association. > > - Fourth paragraph > — I think it would be helpful to clarify for implementors that the DNS > server implementation must be capable of determining the encoded size of > the message (not the clear text size) before it is sent in order to > evaluate if the TC=1 bit must be set. > — I think your argument about the use of pMTU to reduce the need to > switch to TCP is that a client can use the pMTU in a server selection > algorithm? > > - You make the recommendation that root servers should not implement this > due to additional load. I disagree with the NOT RECOMMENDED here as I think > it is too prescriptive. I agree with dkg’s earlier comments that the > authoritative server resource discussion would be improved by being more > general. > > > Section 8: Established session > > - I’d like to suggest moving this entire section earlier to improve the > readability of the document, perhaps after section 4? > > - Again, I think a stronger/clearer recommendation (SHOULD?) about > re-using DTLS sessions would be helpful here too > > Section 9: > > - Perhaps this section is better replaced with a reference to RFC7525? > > Section 12: > > - Could the following sentence be reworded as I find it unclear. What is > ’a normal DNS query” here - I think it should be 'unencrypted DNS query'? > And would “all subsequent responses should be encrypted using DNSoD” read > better? > ”Once a DNSoD client has established a security association with a > particular DNS server, and > outstanding normal DNS queries with that server (if any) have been > received, the DNSoD client MUST ignore any subsequent normal DNS > responses from that server, as all subsequent responses should be > inside DNSoD.” > > - I think this section might benefit from a discussion of DoS mitigation > techniques? E.g. should a server limit the number of DNSoD security > associations accepted from a single client? > > Regards > > Sara. > _______________________________________________ > dns-privacy mailing list > dns-privacy@ietf.org > https://www.ietf.org/mailman/listinfo/dns-privacy >
- Re: [dns-privacy] review of draft-ietf-dprive-dns… Sara Dickinson
- Re: [dns-privacy] review of draft-ietf-dprive-dns… Ted Hardie
- Re: [dns-privacy] review of draft-ietf-dprive-dns… Sara Dickinson
- Re: [dns-privacy] review of draft-ietf-dprive-dns… Christian Huitema
- [dns-privacy] DNSoDTLS fragmentation/reassembly s… 🔓Dan Wing
- Re: [dns-privacy] DNSoDTLS fragmentation/reassemb… Shane Kerr
- Re: [dns-privacy] DNSoDTLS fragmentation/reassemb… 🔓Dan Wing
- Re: [dns-privacy] review of draft-ietf-dprive-dns… John Heidemann