[dns-privacy] Eric Rescorla's Discuss on draft-ietf-dprive-dtls-and-tls-profiles-09: (with DISCUSS and COMMENT)
Eric Rescorla <ekr@rtfm.com> Sat, 06 May 2017 20:31 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: dns-privacy@ietf.org
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 92AAD124E15; Sat, 6 May 2017 13:31:12 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Eric Rescorla <ekr@rtfm.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-dprive-dtls-and-tls-profiles@ietf.org, Tim Wicinski <tjw.ietf@gmail.com>, dprive-chairs@ietf.org, tjw.ietf@gmail.com, dns-privacy@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.50.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <149410267259.23107.8936430130975036477.idtracker@ietfa.amsl.com>
Date: Sat, 06 May 2017 13:31:12 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/oauLi1JpWlTA61U_2b4I-c4szpI>
Subject: [dns-privacy] Eric Rescorla's Discuss on draft-ietf-dprive-dtls-and-tls-profiles-09: (with DISCUSS and COMMENT)
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.22
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 06 May 2017 20:31:13 -0000
Eric Rescorla has entered the following ballot position for draft-ietf-dprive-dtls-and-tls-profiles-09: Discuss When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html for more information about IESG DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-dprive-dtls-and-tls-profiles/ ---------------------------------------------------------------------- DISCUSS: ---------------------------------------------------------------------- S 9 mandates RFC 7250: o Raw public keys [RFC7250] which reduce the size of the ServerHello, and can be used by servers that cannot obtain certificates (e.g., DNS servers on private networks). This needs to be updated to indicate that the client MUST NOT offer 7250 unless it has a preconfigured SPKI, otherwise you're going to have interop problems. ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- TECHNICAL S 5. subsequently connect. The rationale for this is that requiring Strict Privacy for such meta queries would introduce significant deployment obstacles. This profile provides strong privacy guarantees to the client. This Profile is discussed in detail in Section 6.6. This point seems unclear. If you do these queries unprotected, then you don't have strong privacy guarantees. I think you mean that you get them via some trusted mechanism such as DHCP. widespread adoption of Strict Privacy. It should be employed when the DNS client might otherwise settle for cleartext; it provides the maximum protection available. I don't think this statement is accurate. It provides the best protection that the attacker will allow. Table 1 seems to have N and D paired, so maybe you can coalesce them? S 6.4. A DNS client that is configured with both an authentication domain name and a SPKI pinset for a DNS server SHOULD match on both a valid credential for the authentication domain name and a valid SPKI pinset (if both are available) when connecting to that DNS server. The overall authentication result should only be considered successful if both authentication mechanisms are successful. You should cover the topic of user-defined trust anchors. Here's the relevant text from 7469: For example, a UA may disable Pin Validation for Pinned Hosts whose validated certificate chain terminates at a user-defined trust anchor, rather than a trust anchor built-in to the UA (or underlying platform). EDITORIAL Do you want to cite TLS 1.3 at this point? S 3. o Any server identifier other than domain names, including IP address, organizational name, country of origin, etc. addresses, names, for parallel structure with domain names S 9. There are known attacks on (D)TLS, such as machine-in-the-middle and protocol downgrade. These are general attacks on (D)TLS and not specific to DNS-over-TLS; please refer to the (D)TLS RFCs for discussion of these security issues. This text seems pretty unhelpful. Given that you are specifying 1.2, if you also require the relevant strong algorithms, then there should not be downgrade or MITM attacks.
- [dns-privacy] Eric Rescorla's Discuss on draft-ie… Eric Rescorla
- Re: [dns-privacy] Eric Rescorla's Discuss on draf… Sara Dickinson
- Re: [dns-privacy] Eric Rescorla's Discuss on draf… Eric Rescorla
- Re: [dns-privacy] Eric Rescorla's Discuss on draf… Kathleen Moriarty
- Re: [dns-privacy] Eric Rescorla's Discuss on draf… Sara Dickinson
- Re: [dns-privacy] Eric Rescorla's Discuss on draf… Eric Rescorla