IETF Logo Mail Archive

Re: [dns-privacy] Intermediate proposal (what I was saying at the mic)

Eric Rescorla <ekr@rtfm.com> Thu, 29 July 2021 20:23 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4AFFC3A0920 for <dns-privacy@ietfa.amsl.com>; Thu, 29 Jul 2021 13:23:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bpB1hNYtfZY8 for <dns-privacy@ietfa.amsl.com>; Thu, 29 Jul 2021 13:23:47 -0700 (PDT)
Received: from mail-il1-x136.google.com (mail-il1-x136.google.com [IPv6:2607:f8b0:4864:20::136]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 929F93A091E for <dprive@ietf.org>; Thu, 29 Jul 2021 13:23:47 -0700 (PDT)
Received: by mail-il1-x136.google.com with SMTP id a14so7196567ila.1 for <dprive@ietf.org>; Thu, 29 Jul 2021 13:23:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=ZjpkkwdshDYUTT+itl++9pYKMEw+FrjHfZKv7wThpAo=; b=n+ynHtOap4fgG7zd8VljJhFQChCviXWzXtVmoXiIWly9du6MyBQuQmKXiodFurZoCO 4Y1S46VnoAMf5a8zqvEwMPd48tCifuBRJvOUikbcXFLH8vixuR2xi4ELmQocNKNuUnSI +bv8P48nClfKxNQYf9Peua84+bFCK4rCZNIlW6CgUMLzuh1YWporeqx8WZvAaLoN67sh +vKngTmAobMlT02Rkn3oe8JB9DYYpxWF/fV5r6i4bQJdEZExcXL2aeDPQ7PQtX9T7VPW OwTzoMp09yUHk2HtxcvV2GIWv1j2PwvMWTB8p+ZWbwZlsMtDyVRvwjZfKGxmXuSO8WXp i50g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=ZjpkkwdshDYUTT+itl++9pYKMEw+FrjHfZKv7wThpAo=; b=W+0xkdLcP2Wbpwdtk4JFespZdxsjHEmxR+QSC4Z9XKbaN8aXjbgUfsT8VvxSwnQPD8 b5xTAaBVVL8RERlyDZlyWgjo1HGj0/M93EoCbCU3aMQUK4B5edYlBPK5Fy8OdxBZm0ZY 7lk1mP1o3S7J/nIeIGs4aGTszZC/jA6U1ymZA1pHVuzP4aCKBAKHv/eSXZ8m9VWVZcq6 aX3nu5nqKRfwfYUsCLBqg7mv7/KGOY8u+qnsk0zNGEOPNxxYFrVZdCwGKAzUwaDd/ixN 2XuHEXRrYcoLzzk10OWWtbWEK9sD7tIMbXUfRlFkyFZtm4KOpCAAGjJhQZPFpwUR7O/o /9SQ==
X-Gm-Message-State: AOAM530tmd7UZc4DRu6Dehqu+hcxsCV9Vug7INYp9S6ryIvrYrtbcmpf o0cfaka8yBQiqol9kUkHTUDVzVm0tl2g6nhlWtgKwhxBtjz1YQ==
X-Google-Smtp-Source: ABdhPJxa7NY/dL+brLQnMoUeT9kmuJt8usoQTrWwKb4IB2wh9x9E9QlyJUVR7TW2xTp/KNfCGuPPzTz6DJ23pSCMIGs=
X-Received: by 2002:a92:d848:: with SMTP id h8mr4954147ilq.282.1627590225985; Thu, 29 Jul 2021 13:23:45 -0700 (PDT)
MIME-Version: 1.0
References: <CABcZeBNRZsyjd-M_hKOwxdqY=Y7oZs5-d4waqPHb9gO-GJNV+Q@mail.gmail.com> <bab022b2-7c3c-a5e-5a68-deb3d2dbcea6@nohats.ca>
In-Reply-To: <bab022b2-7c3c-a5e-5a68-deb3d2dbcea6@nohats.ca>
From: Eric Rescorla <ekr@rtfm.com>
Date: Thu, 29 Jul 2021 13:23:09 -0700
Message-ID: <CABcZeBPDf6Buha+54S29np3Su=_wUq6Av-oaiWWduRkTAZLNLw@mail.gmail.com>
To: Paul Wouters <paul@nohats.ca>
Cc: dprive@ietf.org
Content-Type: multipart/alternative; boundary="000000000000429b3005c848e143"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/njbvzpyddf3-3wcS1k2cP9MpWz0>
Subject: Re: [dns-privacy] Intermediate proposal (what I was saying at the mic)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Addition of privacy to the DNS protocol <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Jul 2021 20:23:52 -0000

On Thu, Jul 29, 2021 at 1:19 PM Paul Wouters <paul@nohats.ca> wrote:

> On Thu, 29 Jul 2021, Eric Rescorla wrote:
>
> > - Recursives can attempt to connect to any authoritative by probing
> >   with DoT/DoQ [0]. In this case, they should cleanly fall back to
> >   Do53 on connect failure and not validate the credential (whether
> >   WebPKI or DANE) This allows authoritatives to just turn on TLS
> >   without risk.
>
> I agree.
>
> And importantly, they can turn on _credentialed_ TLS without risk. If
> you would allow to continue "unauthenticated", then the DNS operator still
> has a future hard decision to make when to insist on authenticated. They
> again have to make a risky decision. The fact that "unauthenticated"
> works as standalone or fallback is no guarantee whatsoever that adding
> credentials to that setup won't cause complete failure.
>
> > - The SVCB record is used to signal that the authoritative expects to
> >   do TLS and indicates the type of credential (WebPKI, DANE, etc.)
> >   that the authoritative intends to present.  The recursive should
> >   insist on TLS in this case and hard fail if it cannot negotiate.
>
> Yes, I tried to do exactly this with TLSA records <grumbles about history>
> And this is what TLSA for SMTP actually does.
>
>
> >   If there is an overlap between the credentials the recursive
> >   supports and the ones the authoritative advertises, then the
> >   recursive should validate the credential and fail if it cannot.  If
> >   there is no overlap, it should not validate the credential.
>
> If there is no overlap, why even try the transport? Just do port 53.
>

The usual 7258 reasons, namely that forcing an active attack is good.


Don't give the user/OS a false sense of privacy if you can't even detect
> a MITM.
>

Can you expand on how someone is getting a false sense of security here?
I mean, we're talking about the recursive, right? So generally, the client
won't know what's happening at all.



> > - (Optional) We should invent some way for the server to say in
> >   SVCB that it doesn't have any valid credential (e.g., a reserved
> >   credential type). This would be a signal you wanted unauthenticated.
>
> Now you are advertising which DNS servers can easilly be MITMed. An
> attacker can live query the DNS to see if it should commence attacking.
>

How is this different from seeing who supports TLS but has an invalid cert?
Anyway, I'm not going to fight about this piece.

-Ekr


> Paul
>

v2.23.0 | Report a Bug | By Email