Re: [dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-08.txt
"Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com> Fri, 05 August 2016 02:47 UTC
Return-Path: <tireddy@cisco.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A33012D765 for <dns-privacy@ietfa.amsl.com>; Thu, 4 Aug 2016 19:47:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -15.808
X-Spam-Level:
X-Spam-Status: No, score=-15.808 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, RP_MATCHES_RCVD=-1.287, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CWseNngrosVR for <dns-privacy@ietfa.amsl.com>; Thu, 4 Aug 2016 19:47:56 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B7D6412D59D for <dns-privacy@ietf.org>; Thu, 4 Aug 2016 19:47:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=17658; q=dns/txt; s=iport; t=1470365276; x=1471574876; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=Wkd2BSHbp9v/aHdqB2zatg7hCGNE+FhCPEstFTsLEiE=; b=aUOBuwRM1jtoM61Ow9QTWIop5q+HYi4mw/2bvz9IImmHvNuJhhF46Q4K o51rjH+O9nEi+S1RnFr2XKIqtkBG2zzrD/ibUtK1AwIhWoY5Lm3haCDGP jjt0pXMdQaUANMtisKU6TF9czD5TOxoEDA7PAzM9XAW7teEIF+11RslTh U=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: A0B+AgDC/aNX/5JdJa1cg0VWfAe5I4F9JIV5AhyBKjgUAQEBAQEBAV0nhF4BAQQBAQEhETcDBAwHBAIBBgIRBAEBAwIjAwICAiULFAEICAIEARIIiCEIDpB1nSCQEAEBAQEBAQEBAQEBAQEBAQEBAQEBARcFgQGFKYNKgQOEKgYDgw6CWgWIJYtMhUMBhhmCfIVlgXKEW4h6jDGDdgEeNoIPAxyBTG6GTwIFHyB/AQEB
X-IronPort-AV: E=Sophos;i="5.28,471,1464652800"; d="scan'208";a="132159470"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 05 Aug 2016 02:47:55 +0000
Received: from XCH-RCD-017.cisco.com (xch-rcd-017.cisco.com [173.37.102.27]) by rcdn-core-10.cisco.com (8.14.5/8.14.5) with ESMTP id u752ltsJ031495 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=FAIL); Fri, 5 Aug 2016 02:47:55 GMT
Received: from xch-rcd-017.cisco.com (173.37.102.27) by XCH-RCD-017.cisco.com (173.37.102.27) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Thu, 4 Aug 2016 21:47:54 -0500
Received: from xch-rcd-017.cisco.com ([173.37.102.27]) by XCH-RCD-017.cisco.com ([173.37.102.27]) with mapi id 15.00.1210.000; Thu, 4 Aug 2016 21:47:54 -0500
From: "Tirumaleswar Reddy (tireddy)" <tireddy@cisco.com>
To: Sara Dickinson <sara@sinodun.com>, "dns-privacy@ietf.org" <dns-privacy@ietf.org>
Thread-Topic: [dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-08.txt
Thread-Index: AQHR7ZtjX5Qr3O0eikKc4Cjc2cz4aaA4RlKg
Date: Fri, 05 Aug 2016 02:47:54 +0000
Message-ID: <ed800ee55c434c56b4d27af9125043f5@XCH-RCD-017.cisco.com>
References: <0DAFF409-B7F9-43EB-ACED-555F2A87FB4F@sinodun.com>
In-Reply-To: <0DAFF409-B7F9-43EB-ACED-555F2A87FB4F@sinodun.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.65.88.8]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/rpr1uGWSN0pUB2qqhhiYK7RaELs>
Subject: Re: [dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-08.txt
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 05 Aug 2016 02:47:59 -0000
Hi Sara, Thanks for the review. Please see inline > -----Original Message----- > From: dns-privacy [mailto:dns-privacy-bounces@ietf.org] On Behalf Of Sara > Dickinson > Sent: Wednesday, August 3, 2016 8:54 PM > To: dns-privacy@ietf.org > Subject: [dns-privacy] I-D Action: draft-ietf-dprive-dnsodtls-08.txt > > Hi All, > > I think the recent changes have moved this draft in the right direction, but I > agree with other reviewers that it could still become more aligned with the > other related drafts. So I’ve done quite a detailed review with 2 main goals in > mind: > > 1) Increase consistency between this draft and RFC7858 > 2) Align it better with the most recent version of the draft-ietf-dprive-dtls-and- > tls-profiles draft > > My strong preference would be to see these changes made before the > document progressed to WGLC, as I think they increase the overall readability. > > With regard to the separate https://tools.ietf.org/html/draft-wing-dprive- > profile-and-msg-flows-01 I’ll re-iterate my question from the Yokohama WG: > Is there anything DNS specific in the draft? I don’t recall anything particularly > DNS specific. I definitely see value in a draft comparing message flows > between TLS and DTLS in general, but my feeling is it might be better > progressed though another working group with more (D)TLS experts - TLS or > UTA ? I don't think other WG will care enough for this draft, maybe the chairs can request reviewers from the above WG's. > > On the topic of Experimental vs Standards I support the position that > implementation work is necessary for this to be considered Standards Track. > In particularI think there are 2 areas that need to be directly informed by > implementation experience > 1) DTLS Session management > 2) Reference implementation of message size calculation and fallback > scenarios > > > Comments on this draft > --------------------------------- > > Title/Acronym: > > - My suggestion is to change the title to "Specification for DNS over Datagram > Transport Layer Security (DTLS)” for consistency with RFC7858, which is called > “Specification for DNS over Transport Layer Security (TLS)“ and Changed. > then also drop > the suggested acronym "(DNSoD, pronounced "dee-eon-sod”)”. In draft-ietf- > dprive-dtls-and-tls-profiles we use DNS-over-(D)TLS throughout so calling this > mechanism simply DNS-over-DTLS feels more consistent. The acronym was added as it sounded easy to pronounce. > > > Abstract: > > - “AS DNS needs to remain fast” - suggest “As latency is critical for DNS” Updated. > > > 1. Introduction: > > - Second bullet point, last paragraph: I think it is currently correct that TCP > Fast open is not yet ubiquitous but given the recent significant deployment > efforts I’m not sure that will remain true for long. Also, TFO is now available > on Windows, Linux, OS X and (server side) FreeBSD. Removed the second line in the last paragraph. > > > 1.1 Relationship to TCP Queries and to DNSSEC > > - s/DNS over TCP could be protected with TLS/DNS over TCP can be protected > with TLS/ Fixed. > > - I suggest adding an additional paragraph after the first one here with > wording similar to that below. I think this is necessary to avoid the kind of > confusion that plagued the requirement to implement DNS-over-TCP for many > years, or an intermediate state where only partial privacy is available: > “DNS-over-DTLS alone cannot provide privacy for DNS messages in all > circumstances, specifically when the DNS-over-DTLS response is larger than > the path MTU. In such situations the DNS server will respond with a truncated > response (see Section 4). Therefore DNS clients and servers that implement > DNS-over-DTLS MUST also implement DNS-over-TLS in order to provide > privacy for clients that desire Strict Privacy as described in [draft-ietf-dprive- > dtls-and-tls-profiles].” Good point, updated. > > > 3.1 Session Initiation > > - “DNSoD MUST run over standard UDP port 853 as defined in Section 7.” > — Interesting. This is a substantially different statement to that made wrt > DNS-over-TCP in Section 3.1 of RFC7858, which allows flexibility run over > other ports (but not to use port 53). So this seems inconsistent and also more > restrictive. It would be nice to have some justification for this if this is the > requirement, otherwise this section could use very similar text to that used in > RFC7858 here? Used text similar to RFC7858. > -- I would like to see a statement that clients and servers MUST NOT use port > 853 for clear text UDP messages. Added. > > - s/The host should determine if the DNS server/The DNS client should > determine if the DNS server/ Fixed. > > 3.2 DTLS Handshake and Authentication > > - s/in the event the DNS server upgrades to support DNSoD/to discover if DNS- > over-DTLS service becomes available from the DNS server/ Replaced. > > - I’d also like to see some statement about how many concurrent DTLS > sessions a client should establish to a particular DNS Server (just one?). Yes, one DTLS session is sufficient. Its already discussed in Section 3.3 <snip>To reduce client and server workload, clients SHOULD re-use the DTLS session. A single DTLS session can be used to send multiple DNS requests and receive multiple DNS responses.</snip> > > - Second paragraph: It seems the first 3 sentences here are repeating the > motivation for authentication already provided in the Introduction. I suggest > replacing them with the text “ The client will then authenticate the server, if > required. “ I think those 3 sentences are still required to understand the importance of authenticating the DNS server. > > 3.3 Established Sessions > > - Is there anything additional here that can be said about expected session > lifetimes or idle timeouts? Is it expected that clients keep session open > indefinitely until some sort of error is encountered or can some sort of > reasonable idle timeout be suggested? Is there any expectation about whether > the client or server typically terminates a session? Yes, updated draft. NEW: In between normal DNS traffic while the communication to the DNS server is quiescent, the DNS client may want to probe the server to ensure it has maintained cryptographic state. Such probes can also keep alive firewall or NAT bindings. This probing reduces the frequency of needing a new handshake when a DNS query needs to be resolved, improving the user experience at the cost of bandwidth and processing time. If the server has lost state, a DTLS handshake needs to be initiated with the server. > > - There is a diagram here of a “Message Flow for Full Handshake Issuing New > Session Ticket” but is doesn’t appear to be referenced from the text at all - is > there a specific reason to include this flow here (I think it is a standard DTLS > message flow)? I suggest either to give it some context or remove it. Added supporting text. > > 4. Performance Considerations > > - The first and third paragraphs overlap with the recommendations already > made in Section 11 of the draft-ietf-dprive-dtls-and-tls-profiles draft, so > perhaps they can be removed or changed to make any DTLS specific points ? Added reference to Section 11 of profile draft. > > - “Since pipelined responses can arrive out of order” - I think the word > ‘pipelined’ was accidentally picked up by re-using the text in RFC7858. For > DTLS I think it is more correct to just say “Since responses within a DTLS > session can arrive out of order “? Updated. > > - Fourth Paragraph: > — I’m not sure that the discussion of truncated responses is purely a > performance issue, I believe is is a protocol issue so would suggest moving > this to a section of its own? Yes, added new section. > > -- Question: What does a server do if the client doesn’t send an EDNS0 option? The maximum DNS response size of 512 bytes plus DTLS overhead will be well within the Path MTU. > > -- "The DNS server must ensure that the DNS response size does not exceed > the Path MTU” s/must/MUST? Done. > > -- “If the DNS server's response were to exceed that calculated value, the > server sends a response...” Is there a reason this isn't ‘the server MUST send a > response”? No, updated above line to use "MUST". > > -- I do think there is a DTLS Usage Profile specific point to make related to this, > which is that if a client gets a truncated answer over DTLS it could choose to > fallback to UDP/TCP instead of TLS _if_ it were using an Opportunistic profile > which would result in a kind of ‘hybrid’ security. In Opportunistic profile, if server sends truncated response then DNS client should first try TLS and if the TLS handshake fails then fallback to TCP. > I don’t really see any > advantage in that if TLS is available, but the last sentence is unclear on this > possibility, suggesting only TLS can be used - which is correct for Strict Privacy > but perhaps not (at least technically) for Opportunistic. This feel worthy of > some discussion. Added following line: If DNS-over-TLS connection fails and the client is using Opportunistic Privacy profile then the client can fallback to DNS-over-TCP. DNS client can setup both DNSoD and DNS-over-TLS connections in parallel, to reduce the latency to send DNS queries over DNS-over-TLS if the DNS response is truncated over the DNSoD and the client needs the entire response. > > 6. Usage > > The draft-ietf-dprive-dtls-and-tls-profiles draft now includes a fairly detailed > comparison of Strict and Opportunistic privacy so I wonder if this section can > be replaced with a reference to that document, unless there is anything DTLS > specific that needs to be said here? Updated section to point to the profiles draft. > > 8. Security Considerations > > - "The guidance given in [RFC7525] must be followed to avoid attacks on > DTLS.” s/must/MUST or SHOULD? Fixed. > > - “For servers with no connection history…” I think this sentence can also be > removed since it is more fully covered in the draft-ietf-dprive-dtls-and-tls- > profiles draft. I don’t think it's discussed in profile draft, please check. > > - “Once a DNSoD client has established > a security association with a particular DNS server, and outstanding > normal DNS queries with that server (if any) have been received, the > DNSoD client MUST ignore any subsequent normal DNS responses from > that server, as all subsequent responses should be encrypted.” > I think this text is a hangover from the earlier draft when port 53 was used. No, the above line explains that if the DNS client is using DNSoD it must not accept plain text DNS responses arriving on any port. Added more details to clarify. > If > clarification is added in section 3.1 then I think clear text and DTLS should only > ever happen on separate ports when communicating with a given server? > > > Minor editorial nits: > > - There are several places throughout the document where a space separates > a reference from a following punctuation mark (e.g. end of the first and last > sentences of the Introduction). > - Abstract: Second paragraph, first sentence: This sentence starts and ends > with very similar phrases which I’m not sure are both needed? > - Introduction: Missing ‘The’ at the start of last sentence of first paragraph? > - Section 3.2: First sentence: s/with DTLS handshake/with the DTLS > handshake/ > - Section 3.3: s/When a user of DTLS wishes to send an DNS message, it > delivers it to the DTLS implementation/When a user of DTLS wishes to send a > DNS message, the data is delivered to the DTLS implementation/ > - Sestion 3.4: s/DNSod client and server MUST/DNS-over-DTLS clients and > servers MUST/ > - Section 3.4: s/DTLS session is terminated/A DTLS session is terminated/ > - Section 4: s/To reduce number of/To reduce the number of/ > - Section 4: s/DNS client and server can use raw public keys [] or/DNS clients > and servers can use raw public keys [] and/ > - Section 4: s/Path MTU MUST be greater than equal to/Path MTU MUST be > greater than or equal to/ > - Section 5: s/DTLS client receives authenticated/DTLS client receives an > authenticated/ Updated draft to address all above nits. Best Regards, -Tiru > > Regards > > Sara. > > _______________________________________________ > dns-privacy mailing list > dns-privacy@ietf.org > https://www.ietf.org/mailman/listinfo/dns-privacy
- Re: [dns-privacy] RE I-D Action: draft-ietf-dpriv… Paul Hoffman
- Re: [dns-privacy] RE I-D Action: draft-ietf-dpriv… Tirumaleswar Reddy (tireddy)
- [dns-privacy] RE I-D Action: draft-ietf-dprive-dn… Sara Dickinson
- Re: [dns-privacy] I-D Action: draft-ietf-dprive-d… Tirumaleswar Reddy (tireddy)
- [dns-privacy] I-D Action: draft-ietf-dprive-dnsod… Sara Dickinson
- Re: [dns-privacy] I-D Action: draft-ietf-dprive-d… Paul Hoffman
- Re: [dns-privacy] I-D Action: draft-ietf-dprive-d… Tirumaleswar Reddy (tireddy)
- Re: [dns-privacy] I-D Action: draft-ietf-dprive-d… Paul Hoffman
- Re: [dns-privacy] I-D Action: draft-ietf-dprive-d… Alexander Mayrhofer
- Re: [dns-privacy] I-D Action: draft-ietf-dprive-d… Tirumaleswar Reddy (tireddy)
- [dns-privacy] I-D Action: draft-ietf-dprive-dnsod… internet-drafts