IETF Logo Mail Archive

Re: [dns-privacy] [Ext] New draft on authenticated recursive <-> authoritative

Eric Rescorla <ekr@rtfm.com> Thu, 25 February 2021 21:26 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C03053A0BF1 for <dns-privacy@ietfa.amsl.com>; Thu, 25 Feb 2021 13:26:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UxAOMHB0g1jT for <dns-privacy@ietfa.amsl.com>; Thu, 25 Feb 2021 13:26:03 -0800 (PST)
Received: from mail-lj1-x232.google.com (mail-lj1-x232.google.com [IPv6:2a00:1450:4864:20::232]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71FDF3A0B70 for <dprive@ietf.org>; Thu, 25 Feb 2021 13:26:03 -0800 (PST)
Received: by mail-lj1-x232.google.com with SMTP id q14so8204746ljp.4 for <dprive@ietf.org>; Thu, 25 Feb 2021 13:26:03 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZPpTtOowpPbZtshHkeabmSBBzS4rlUY9ePLJj8k3Nag=; b=1xn1W1T23CQ6vsflKRNomiplRl+xk42aqrMvfRE8TH6DS7ZkSuMTUkEhIT2rCAcdHB D5rZgxv1jL5xFuEEIxK0QDvjVjsAC/Gk18XX8+03q0gqv5xu+a8oVzm8a+rdzeGmJlih k6lwzNL0gBVN9Diq4aKbXu0cWIHt3ns3XWWU+Kjt93DtyekagmyY/Mcpy5IXfS1dM8RO /lV7FdnWmI/4J4KTbPu65NvjuD9jIiv5xQNiHsr87OQJsEY6s7RET/mZ/3TjdpCr6l8W 6juWB/3KQXShwMwjgh/EwkqDNIK3ucnO75Zr0DogOjQQ1m5OgzKc1006/JXpx0A5WnZi IPRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZPpTtOowpPbZtshHkeabmSBBzS4rlUY9ePLJj8k3Nag=; b=K3aA0k6mzfPSMJ1T+euZUal700nQY75qHFfhd8FxRv2j6dXz0P79ve0XyxGz/MAgKB pXRAU19YaCludj3RvW9Hg3VN1UWUcpVbvOxUqp7gOpQL2nCY/3oPoHsY/PXKZeHYdh1c aAGhtnWtSGNMei/DmF7ys+2CvCeFZ9b6tdDCSCk3hOwivjFf8ePNts19qRb64yy1PCuP U1CmsZIySjtKokF1iZXtVlZsdURFvk57pzCDF/fY77UJqInYa8zKssN06O1gOKYhO/kp +q2NVbkmntlpVkwJ5gjMCo+vqIu052upXuwhRoaO82w6WOtOS2ggnxoFqQR1CYfnx8we hKNg==
X-Gm-Message-State: AOAM530ozmwIVSu6LxST76hRxvkS6V4YlZ/uIhuwHLyb5Fus0w30yyzm r+vSEhF5h7Dfg4p/eFZMTi0euABedEAdX5anGZZQmA==
X-Google-Smtp-Source: ABdhPJy1m3h9AL8M3pMmYPNWub24VmZxKMCBdp+EL0edz0b/9/elyB9NoojOHepf28p5W/KOMZ6dDkkxl0n0LLmrTe4=
X-Received: by 2002:a2e:890b:: with SMTP id d11mr2546201lji.3.1614288361427; Thu, 25 Feb 2021 13:26:01 -0800 (PST)
MIME-Version: 1.0
References: <CABcZeBPn4QL+N2wph81NwYiwapNOroBUoC6KKWsC0Gcdghxw4w@mail.gmail.com> <577B946F-C839-4986-9241-BEDC54FD118B@icann.org> <CABcZeBPuzcodiAZSRb+7=mtkyXcfco19FFK6YVTK9+k5V097ww@mail.gmail.com> <2D5C5A27-60DC-48D7-A903-F305EFFF3724@icann.org>
In-Reply-To: <2D5C5A27-60DC-48D7-A903-F305EFFF3724@icann.org>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 25 Feb 2021 13:25:25 -0800
Message-ID: <CABcZeBMmq9=aWkzdr2ZMUut=QE=7hmKyjwR4LxWOxYw0yjy2Eg@mail.gmail.com>
To: Paul Hoffman <paul.hoffman@icann.org>
Cc: "dprive@ietf.org" <dprive@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000059287d05bc2fcc90"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/nW7jVQ6UBaqnxIAlVqibVZbfXV0>
Subject: Re: [dns-privacy] [Ext] New draft on authenticated recursive <-> authoritative
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Feb 2021 21:26:10 -0000

On Thu, Feb 25, 2021 at 1:10 PM Paul Hoffman <paul.hoffman@icann.org> wrote:

> On Feb 25, 2021, at 12:44 PM, Eric Rescorla <ekr@rtfm.com> wrote:
>
>
>
>
> On Thu, Feb 25, 2021 at 12:15 PM Paul Hoffman <paul.hoffman@icann.org>
> wrote:
>
>> The idea of doing discovery in a new type of glue in the parent seems
>> interesting. For the unauthenticated use case, it potentially removes a
>> round trip, and doing so is quite valuable. If the WG likes the idea of
>> new-glue-type-in-parent, Peter and I can add it to the draft covering
>> unauthenticated ADoT to keep the two use cases in sync.
>>
>> Question: why does this draft use an SVCB record instead of a TLSA record
>> for that new glue? The only advantage I see is that SVCB can indicate the
>> DoH template, but the WG has so far not shown interest in DoH over DoT.
>
>
> There are (at least) three reasons:
> 1. Semantically, TLSA does not mean "I support TLS", but rather "if you
> are to do TLS, do it this way. SVCB means something different.
>
>
> Fair point. However, given that we get to say what a particular usage of a
> particular RRtype is, that is not fatal.
>

No, because there are existing deployments, so we can't just retcon the
meaning.


> 2. It's not clear that the certificate binding properties of TLSA are
> desirable in the glue in this case, for a number of reasons, including the
> "getting out of sync" problem that Ben Schwartz pointed out, and the
> possibility that  we will want to use WebPKI.
>
>
> OK. From the wording about authentication in the draft, I figured you
> would actually want DNS-based public keys, even with the general problem of
> TLSA and getting out of sync.
>

The document is intended to be agnostic about WebPKI versus TLSA. Can you
point out what makes you think it favors it?

In any case, it's quite different to have the TLSA records in the parent
and in the server, because the server can ensure they don't get out of sync
with itself in a way that is harder than with the parent.


> 2. SVCB does not just let you signal DoH versus DoT it also allows you to
> signal DoQ, which has obvious advantages.
>
>
> TLSA also lets you signal DoQ. If it didn't, we would have rejected it out
> of hand.
>

I think it depends what you mean by "signal". TLSA can signal the
certificate which is to be expected for a QUIC connection, but AFAICT it
has no way to indicate that the server supports QUIC, whereas with SVCB you
can do this with ALPN (h3, doq). Your draft has a TODO here, so I'm not
sure what you have in mind.



> In addition, if it becomes necessary to signal what kind of credentials
> the server has. SVCB has a natural way to add that.
>
>
> Well, you said that in your draft, but I don't see that as a possibility
> in Ben's draft. It could be added, but there is no extension mechanism
> there.
>

Huh? You just define a new SvcParamKey:
https://datatracker.ietf.org/doc/html/draft-ietf-dnsop-svcb-https-03#section-14.3

-Ekr

v2.23.0 | Report a Bug | By Email