[dnsext] Robustness & Extensibility -- was: Re: Clarifying the mandatory algorithm rules
Alfred Hönes <ah@TR-Sys.de> Thu, 18 November 2010 15:51 UTC
Return-Path: <A.Hoenes@TR-Sys.de>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 842CA3A6879 for <dnsext@core3.amsl.com>; Thu, 18 Nov 2010 07:51:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -98.176
X-Spam-Level:
X-Spam-Status: No, score=-98.176 tagged_above=-999 required=5 tests=[AWL=0.573, BAYES_00=-2.599, CHARSET_FARAWAY_HEADER=3.2, HELO_EQ_DE=0.35, MIME_8BIT_HEADER=0.3, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gE8GUAHuMq+8 for <dnsext@core3.amsl.com>; Thu, 18 Nov 2010 07:51:33 -0800 (PST)
Received: from TR-Sys.de (gateway.tr-sys.de [213.178.172.147]) by core3.amsl.com (Postfix) with ESMTP id 546983A67FA for <dnsext@ietf.org>; Thu, 18 Nov 2010 07:51:32 -0800 (PST)
Received: from ZEUS.TR-Sys.de by w. with ESMTP ($Revision: 1.37.109.26 $/16.3.2) id AA247645523; Thu, 18 Nov 2010 16:52:03 +0100
Received: (from ah@localhost) by z.TR-Sys.de (8.9.3 (PHNE_25183)/8.7.3) id QAA15905; Thu, 18 Nov 2010 16:52:02 +0100 (MEZ)
From: Alfred Hönes <ah@TR-Sys.de>
Message-Id: <201011181552.QAA15905@TR-Sys.de>
To: jelte@isc.org
Date: Thu, 18 Nov 2010 16:52:01 +0100
X-Mailer: ELM [$Revision: 1.17.214.3 $]
Mime-Version: 1.0
Content-Type: text/plain; charset="hp-roman8"
Content-Transfer-Encoding: 7bit
X-Mailman-Approved-At: Thu, 18 Nov 2010 07:54:05 -0800
Cc: dnsext@ietf.org
Subject: [dnsext] Robustness & Extensibility -- was: Re: Clarifying the mandatory algorithm rules
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Nov 2010 15:51:34 -0000
At Thu, 18 Nov 2010 15:33:11 +0100 , Jelte Jansen wrote: > [...] > > Or, more generally, why say that you MUST do a, then say that you > SHOULD/MAY NOT check whether A was done? > > [...] Isn't that simply a basic corollary of Jon Postel's robustness principle? We frequently say: [the originator] MUST set xxxxx to yyyyyy. and: [the recipient] MUST ignore xxxxx. IMO, this is a basic principle that allows a smooth path forward for the introduction of new protocol elements. In the case discussed here, introduction of a new crypto-algorithm into a DNSSEC-signed DNS zone, a similar application of the robustness principle seems appropriate. Unless the recipient (= validator) is *required* (by policy, or lack of support of the previously used crypto-algorithm) to validate signatures based on the new algorithm, any other working validation path should suffice. It is up to the zone maintainer/signer to decide when they deem the old algorithm insecure enough to regard its usage as a downgrade attack: they just have to retire the corresponding keys and signatures. At that time, they cut off the tail of validators that do not support the new crypto. Until that is done, these will be able validate, and it makes no sense to expect other validators to regard that validation path as insufficient -- there's no point in regarding the old way as insecure for some validators and secure for other validators. Cf. the principles in X.509 / PKIX: Absent specific local policy, *any* validatable certification path from an available trust anchor to a given certificate under consideration is acceptable. (RFC 5280 explicitely tells you to try the next possible cert path whenever validation of a candidate cert path fails, for any reason.) Here, "validatable" includes built-in support of the signature algorithm and underlying hash algorithm, local policy admitting the acceptance of these algorithms for signature validation, and the mathematical verification of the signatures found. Therefore, I fully support Samuel Weiler's PoV that DNSSEC validating resolvers should only care about syntactical correctness of RRs and the specific rules codified for such resolvers in the specs. Otherwise, we would likely tend to more and more close windows for a smooth migration to protocol extensions (including migration to new crypto) and make DNSSEC administration and management subject to even more restrictions (that essentially would only serve to make that management more fragile and error-prone and thereby make DNSSEC itself looking more error-prone from the PoV of DNS users. Making independent things happen at the same time is particularly difficult in a highly distributed environment like the DNS, and so allowing small steps on the signer/maintainer side of a zone and have only particular "milestones" trigger change of mandatory behavior in validating resolvers seems to be a valid and valuable strategy. Kind regards, Alfred.
- [dnsext] Robustness & Extensibility -- was: Re: C… Alfred Hönes