IETF Logo Mail Archive

Re: [dns-privacy] [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]

Peter van Dijk <peter.van.dijk@powerdns.com> Wed, 27 May 2020 08:28 UTC

Return-Path: <peter.van.dijk@powerdns.com>
X-Original-To: dns-privacy@ietfa.amsl.com
Delivered-To: dns-privacy@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EEC5A3A0B68 for <dns-privacy@ietfa.amsl.com>; Wed, 27 May 2020 01:28:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.62
X-Spam-Level:
X-Spam-Status: No, score=-1.62 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, KHOP_HELO_FCRDNS=0.276, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZF6CbHSlshaA for <dns-privacy@ietfa.amsl.com>; Wed, 27 May 2020 01:28:32 -0700 (PDT)
Received: from mx4.open-xchange.com (alcatraz.open-xchange.com [87.191.39.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 165BC3A0B6B for <dns-privacy@ietf.org>; Wed, 27 May 2020 01:28:28 -0700 (PDT)
Received: from open-xchange.com (imap.open-xchange.com [10.20.30.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx4.open-xchange.com (Postfix) with ESMTPS id 250B46A307; Wed, 27 May 2020 10:28:25 +0200 (CEST)
Received: from plato (e82143.upc-e.chello.nl [213.93.82.143]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by open-xchange.com (Postfix) with ESMTPSA id ED8EC3C03E3; Wed, 27 May 2020 10:28:24 +0200 (CEST)
Message-ID: <a8f44365b9b3a079753f8286cc19fbb241996bf5.camel@powerdns.com>
From: Peter van Dijk <peter.van.dijk@powerdns.com>
To: dns-privacy@ietf.org
Date: Wed, 27 May 2020 10:28:22 +0200
In-Reply-To: <CAHbrMsDKQqfnoty+cRa5bJ=zVkONYTbFf-=8hzAj0E7pWeFXug@mail.gmail.com>
References: <158987990316.29446.4343920282978207647@ietfa.amsl.com> <a15e2d1df86820f2483516662d3712d8a60161cd.camel@powerdns.com> <alpine.LRH.2.21.2005191134560.13722@bofh.nohats.ca> <ec6bc9248179a9ab56ea490f82b14c7e90ffe819.camel@powerdns.com> <alpine.LRH.2.21.2005241222410.4172@bofh.nohats.ca> <77f7a9c38c6bd0a059679a7ab3027b4da9005512.camel@powerdns.com> <alpine.LRH.2.21.2005241710490.10453@bofh.nohats.ca> <5653e4dd2ab6daa648387808a3ac04e088bbc89b.camel@powerdns.com> <CAHbrMsDKQqfnoty+cRa5bJ=zVkONYTbFf-=8hzAj0E7pWeFXug@mail.gmail.com>
Organization: PowerDNS.COM B.V.
Content-Type: multipart/alternative; boundary="=-KtDBRUWoMO/P0q0uoS0j"
User-Agent: Evolution 3.30.5-1.1
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/dns-privacy/yu3ZD7d7A7CnU9TjoJMi8qy1ueA>
Subject: Re: [dns-privacy] [Fwd: New Version Notification for draft-vandijk-dprive-ds-dot-signal-and-pin-00.txt]
X-BeenThere: dns-privacy@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <dns-privacy.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dns-privacy/>
List-Post: <mailto:dns-privacy@ietf.org>
List-Help: <mailto:dns-privacy-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dns-privacy>, <mailto:dns-privacy-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 May 2020 08:28:34 -0000

Hello Ben,

On Tue, 2020-05-26 at 21:27 -0400, Ben Schwartz wrote:
> I like the idea of signalling DoT support in the DS record, but I worry a bit about putting the SPKI fingerprint in the DS as well.  Having to update the parent zone whenever the TLSA key needs to be rotated seems cumbersome and fragile, especially if the nameserver is operated by a third party.

I agree, it's the weakest link in the proposition.

>  DoT authoritatives would need to keep both the old and new certificates on hand during the transition

keys, not certificates

> , and DoT recursives would need some way to signal in the ClientHello which one they are expecting.

I don't follow - if the DS set has both the old and new keys, the DoT recursive will accept either. I ki

>   This is pretty far from how TLS normally works.

Hmm, is TLSA 3 1 x far from how TLS normally works? I feel like I'm missing something.

> I wonder if you considered using draft-ietf-tls-dnssec-chain-extension instead? That would provide the same security and performance, using less volatile information in the parent.  Specifically, I think that the DS record would have to convey one bit ("DoT enabled") plus the name of the nameserver (which should probably match the NS record).  That seems preferable to me.

I considered putting names in DS records; I also considered chain-extension; but I failed to consider them together! With NS names 'verified' by DS, that looks like something that would also be secure. I agree with the problems Petr spotted - I'm aware of roughly zero implementations of dnssec-chain in clients or servers.

> That seems preferable to me.

For me, with 10 domains on two name servers, not having the complexity of chain-extension is preferable. For others, with a million domains, obviously our draft does not scale. I've been assuming we'd end up with two or three separate signals, each fit for purpose for a certain scale. Your proposal seems like a viable candidate to be one of those to me.


Kind regards,
-- 
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

v2.23.0 | Report a Bug | By Email