IETF Logo Mail Archive

Re: [dnsext] Clarifying the mandatory algorithm rules

Matthijs Mekking <matthijs@NLnetLabs.nl> Thu, 09 December 2010 15:18 UTC

Return-Path: <matthijs@nlnetlabs.nl>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8D97628C124 for <dnsext@core3.amsl.com>; Thu, 9 Dec 2010 07:18:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.6
X-Spam-Level:
X-Spam-Status: No, score=-102.6 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, NO_RELAYS=-0.001, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7LxSQijTZTbU for <dnsext@core3.amsl.com>; Thu, 9 Dec 2010 07:18:06 -0800 (PST)
Received: from open.nlnetlabs.nl (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::1]) by core3.amsl.com (Postfix) with ESMTP id 5DE5728C0D6 for <dnsext@ietf.org>; Thu, 9 Dec 2010 07:18:05 -0800 (PST)
Received: from [IPv6:2001:7b8:206:1:215:afff:fed2:e121] ([IPv6:2001:7b8:206:1:215:afff:fed2:e121]) (authenticated bits=0) by open.nlnetlabs.nl (8.14.4/8.14.4) with ESMTP id oB9FJXL0012993; Thu, 9 Dec 2010 16:19:33 +0100 (CET) (envelope-from matthijs@nlnetlabs.nl)
Message-ID: <4D00F385.4010405@nlnetlabs.nl>
Date: Thu, 09 Dec 2010 16:19:33 +0100
From: Matthijs Mekking <matthijs@NLnetLabs.nl>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.1.15) Gecko/20101027 Thunderbird/3.0.10
MIME-Version: 1.0
To: Edward Lewis <Ed.Lewis@neustar.biz>
References: <alpine.BSF.2.00.1011180553250.83352@fledge.watson.org> <4CE51293.5040605@nlnetlabs.nl> <a06240801c9101620d463@[192.168.128.163]> <22284.1290447209@nsa.vix.com> <4CF4D54B.5000407@nlnetlabs.nl> <4D00A86D.1040304@nlnetlabs.nl> <a06240800c9268ae26e12@[192.168.1.104]>
In-Reply-To: <a06240800c9268ae26e12@[192.168.1.104]>
X-Enigmail-Version: 1.0.1
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.6 (open.nlnetlabs.nl [IPv6:2001:7b8:206:1::53]); Thu, 09 Dec 2010 16:19:33 +0100 (CET)
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Clarifying the mandatory algorithm rules
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Dec 2010 15:18:07 -0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Ed,

On 12/09/2010 02:44 PM, Edward Lewis wrote:
> At 10:59 +0100 12/9/10, Matthijs Mekking wrote:
> 
>> Although this is local policy, I also think it is bad policy for a
>> validator to allow algorithm compromises and badly signed zones. Thus, I
>> would go for a MUST here.
> 
> The reason it can't be a MUST is that a zone may be signed with
> algorithm 42.  If a resolver does not know algorithm 42, how can it
> determine whether the signature using algorithm 42 is valid or invalid?

Of course, the statement is still only valid for algorithms that the
resolver knows of. So it can still be a MUST.

> Let's say a zone is signed by algorithms 5 and 7.  (A choice made
> specifically because the two algorithms have the same mathematical
> properties. ;))  What would you think if you received a set of data and
> signatures and discovered that the algorithm 5 signature validated the
> signature but the algorithm 7 signature did not.  What if the reason
> were cryptographic?  What if the reason was that the algorithm 7
> signature had simply expired (with or without NTP running)?  What if the
> reason was that the algorithm 7 signature had not yet entered its
> effectivity period?

When following the guidelines for "Check the Algorithms" with MUST, if
both algorithms are present in the DS RRset, and the algorithm 7
signature did not validate, the security status would be set to bogus.
The reason why the signature failed does not matter.

> If you can establish a chain of trust to a data set, why withhold it
> from the application requesting it in case you find that there is also a
> signature that fails?

Because the zone operator specifically wants to be protected against
algorithm compromises and does that by listing more than one algorithm
in the DS RRset.

> Assume a set of data has a legitimate signature in algorithm 5 that
> validates and you see an algorithm 7 signature that does not validate? 
> What if the cause of this was that an attacker wanted to perform a
> Denial of Service by applying an intentionally bad signature (which is
> trivial to do) to guarantee a failed chain of trust?  It's like allowing
> someone to say "don't trust the authorities, I'll insert some doubt so
> you won't use the information."

A Denial of Service is always easy. Stripping the signature is just as
easy to perform a DoS attack.


Best regards,

Matthijs


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNAPOFAAoJEA8yVCPsQCW5Os8H/jcfeckDNRo6+ECgPXHdcBY5
FbR/6dke8wCmFcay9cLNE17UsbKywhI8CgB82bZC5gsVLmmx3NQQkRWfMcpp7eWa
xJh4QAZ6MRqv83hBhlpfPi3byvqhRRDDC2NAyfSEWSQ45iWOo9yHsmcFBCXs2Rjj
wCLpQi+CGR76oeYcWoyOBW14FAKZv3n0QRf4jKeqJjB3hAoUU2v4GFGRITSQVTHD
XTbUY2b26jzUuupzXXntvvJ0cO4jJlT/skJi4bQ/vThhvlBG0hk19HqLV/NAEP9f
kLqi1cASRX5gue80P8pBHujVys1SGsQG6bgDh9ObntqKPNMoKjoICa77Prc8XDY=
=EGBr
-----END PGP SIGNATURE-----

v2.23.0 | Report a Bug | By Email