Re: [dnsext] Clarifying the mandatory algorithm rules
Brian Dickson <brian.peter.dickson@gmail.com> Thu, 18 November 2010 21:01 UTC
Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 887E828C110 for <dnsext@core3.amsl.com>; Thu, 18 Nov 2010 13:01:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.343
X-Spam-Level:
X-Spam-Status: No, score=-2.343 tagged_above=-999 required=5 tests=[AWL=-0.644, BAYES_00=-2.599, J_CHICKENPOX_23=0.6, MIME_8BIT_HEADER=0.3]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5F12OSbhy4pd for <dnsext@core3.amsl.com>; Thu, 18 Nov 2010 13:01:18 -0800 (PST)
Received: from mail-gy0-f172.google.com (mail-gy0-f172.google.com [209.85.160.172]) by core3.amsl.com (Postfix) with ESMTP id 620E828C10F for <dnsext@ietf.org>; Thu, 18 Nov 2010 13:01:18 -0800 (PST)
Received: by gyh20 with SMTP id 20so2350060gyh.31 for <dnsext@ietf.org>; Thu, 18 Nov 2010 13:02:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=nFoNDsBlJg/QLla9qcdU1QpvDBiG9yIZh4SCjCd2yMk=; b=pxf82Iqf12PgUA0Bif5QFiUnerP494ZUiuXsqPnS7aKtu0dIgoW5UwfO4pfXY1NaU7 04kQloJg9138VTrMNiCChJdZIS0K1aDc01w2oK6taY2n8LrPIlB7Z2re072CxU9WOFM7 bIDGfzgMUKWTxl1lwZsqJZMFZR10rOjQ5AJuA=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=cmIyi5WAbV3ol+DeYlJ3nODxpiHqVpDaauRT16xhlUrLIsVUGrbdvqxTnYScNv+paI 0vTEfL0SSKAKc6jxyL6GEFAJqALtfT7upF7izXydseAcjmLGfkahcylIqelk8NkE5w60 w+jqyH4+mypoqX8XpAxHEsRgp0mQBO23sq4b0=
MIME-Version: 1.0
Received: by 10.223.125.132 with SMTP id y4mr53917far.148.1290114124702; Thu, 18 Nov 2010 13:02:04 -0800 (PST)
Received: by 10.223.144.71 with HTTP; Thu, 18 Nov 2010 13:02:04 -0800 (PST)
In-Reply-To: <4CE58E90.6030607@nic.cz>
References: <alpine.BSF.2.00.1011180553250.83352@fledge.watson.org> <4CE53927.9090203@isc.org> <4CE58E90.6030607@nic.cz>
Date: Thu, 18 Nov 2010 17:02:04 -0400
Message-ID: <AANLkTin2H7UkP7FVfz3GN74CKtqn2OKo7MmcKMGOkvNY@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
To: Ondřej Surý <ondrej.sury@nic.cz>
Content-Type: text/plain; charset="ISO-8859-2"
Content-Transfer-Encoding: quoted-printable
Cc: dnsext@ietf.org
Subject: Re: [dnsext] Clarifying the mandatory algorithm rules
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Nov 2010 21:01:19 -0000
I don't think the example is complete or accurate enough, since the security at the delegation step depends on the parent's algorithms, not the child's. See below in-line for additional comments... On Thu, Nov 18, 2010 at 4:37 PM, Ondřej Surý <ondrej.sury@nic.cz> wrote: > Wouter, Jelte, > > On 18.11.2010 15:33, Jelte Jansen wrote: >> >> IMHO, we should either do downgrade protection for all cases > > I suggest we properly define what a "downgrade protection" is and how does > it protect the zone. I've fallen for this trap too and it helped me a lot > to write it down. > > Let's define (I skip KSK and ZSK for sake of sanity and I skip RFC5011 for > the same reason): > > Algorithm A is supported. > Algorithm B is also supported. > > Zone X has following properties: > 1) DS record for algorithm A 1a) Signatures for DS(A), using DNSKEY(PA),DNSKEY(PB) (parent alg A and parent alg B) -- may not be the same as A and B > 2) DNSKEY in apex for algorithm A - DNSKEY(A) > 3) Signatures with DNSKEY(A) > > Zone Y has following properties: > 1) DS record for algorithm A 1a) Signatures for DS(A), using DNSKEY(PA),DNSKEY(PB) (id.) > 2) DNSKEY in apex for algorithm A - DNSKEY(A) > 3) DNSKEY in apex for algorithm B - DNSKEY(B) > 4) Signatures with DNSKEY(A) and DNSKEY(B) > > What you are saying is that Zone Y is more secure than Zone X. And I don't > think so, because there is a step when you rely only on algorithm A. NB - the DS does not use the algorithms, it uses (orthogonal to algorithms) hashes. If the hash used is more secure than A, then Y is more secure than X. > Now let's add: > > Zone Z has following properties > 1) DS record for algorithm A > 2) DS record for algorithm B > 3) DNSKEY in apex for algorithm A - DNSKEY(A) > 4) DNSKEY in apex for algorithm B - DNSKEY(B) > 5) Signatures with DNSKEY(A) and DNSKEY(B) Here is where the example definitely helps in at least presenting the components for comparison. If something is seen on the wire in zone Z, without the signature DNSKEY(B), it might be the result of a downgrade. I.e., if A is weak, and the signature based on DNSKEY(A) can be spoofed, this needs to be protected against. This also means the signatures over the DNSKEYs at the apex similarly need downgrade protection, and can only be used/trusted, if they all match those found in the corresponding DS set of the parent. If the parent DS is not the source of the list of algorithms which must all be used for signing everything in the zone, downgrades are possible. I think there is wiggle room for the addition of new DNSKEYs and algorithms, via the ZSK/KSK linkage, that differs slightly. I.e. KSK must match DS for algorithms, and ZSK must match RRSIG for algorithms. It is possible that algorithms present in ZSKs are not present in KSKs. And in such a case, unbound is correct and bind is incorrect, IMHO. Brian > I think that only Zone Z is more secure than Zone X and Zone Y. And because > you don't have to keep both DS records for algorithm A and algorithm B in > the parent zone (ie. you can just exchange the DS) then the key algorithm > rollover can be less painful. > > I would even suggest that the condition of "having the chain of trust" from > TA to the key with a specific algorithm also applies for Sam's case for > introducing the new "unknown" algorithm. But I haven't given it much > thought and I rather thing it through more before coming to any conclusion. > > Ondrej > -- > Ondřej Surý > vedoucí výzkumu/Head of R&D department > ------------------------------------------- > CZ.NIC, z.s.p.o. -- Laboratoře CZ.NIC > Americka 23, 120 00 Praha 2, Czech Republic > mailto:ondrej.sury@nic.cz http://nic.cz/ > tel:+420.222745110 fax:+420.222745112 > ------------------------------------------- > _______________________________________________ > dnsext mailing list > dnsext@ietf.org > https://www.ietf.org/mailman/listinfo/dnsext >
- Re: [dnsext] Clarifying the mandatory algorithm r… Jeffrey A. Williams
- Re: [dnsext] Clarifying the mandatory algorithm r… Jeffrey A. Williams
- Re: [dnsext] Clarifying the mandatory algorithm r… Jeffrey A. Williams
- [dnsext] Clarifying the mandatory algorithm rules Samuel Weiler
- Re: [dnsext] Clarifying the mandatory algorithm r… Ondřej Surý
- Re: [dnsext] Clarifying the mandatory algorithm r… Ondřej Surý
- Re: [dnsext] Clarifying the mandatory algorithm r… Samuel Weiler
- Re: [dnsext] Clarifying the mandatory algorithm r… W.C.A. Wijngaards
- Re: [dnsext] Clarifying the mandatory algorithm r… W.C.A. Wijngaards
- Re: [dnsext] Clarifying the mandatory algorithm r… Phillip Hallam-Baker
- Re: [dnsext] Clarifying the mandatory algorithm r… Florian Weimer
- Re: [dnsext] Clarifying the mandatory algorithm r… Jelte Jansen
- Re: [dnsext] Clarifying the mandatory algorithm r… Samuel Weiler
- Re: [dnsext] Clarifying the mandatory algorithm r… Brian Dickson
- Re: [dnsext] Clarifying the mandatory algorithm r… Samuel Weiler
- Re: [dnsext] Clarifying the mandatory algorithm r… Samuel Weiler
- Re: [dnsext] Clarifying the mandatory algorithm r… Ondřej Surý
- Re: [dnsext] Clarifying the mandatory algorithm r… Ondřej Surý
- Re: [dnsext] Clarifying the mandatory algorithm r… Ondřej Surý
- Re: [dnsext] Clarifying the mandatory algorithm r… Brian Dickson
- Re: [dnsext] Clarifying the mandatory algorithm r… Ondřej Surý
- Re: [dnsext] Clarifying the mandatory algorithm r… Mark Andrews
- Re: [dnsext] Clarifying the mandatory algorithm r… Brian Dickson
- Re: [dnsext] Clarifying the mandatory algorithm r… Mark Andrews
- Re: [dnsext] Clarifying the mandatory algorithm r… Ondřej Surý
- Re: [dnsext] Clarifying the mandatory algorithm r… George Barwood
- Re: [dnsext] Clarifying the mandatory algorithm r… Jelte Jansen
- Re: [dnsext] Clarifying the mandatory algorithm r… W.C.A. Wijngaards
- Re: [dnsext] Clarifying the mandatory algorithm r… Ondřej Surý
- Re: [dnsext] Clarifying the mandatory algorithm r… Mark Andrews
- Re: [dnsext] Clarifying the mandatory algorithm r… Mark Andrews
- Re: [dnsext] Clarifying the mandatory algorithm r… W.C.A. Wijngaards
- Re: [dnsext] Clarifying the mandatory algorithm r… Mark Andrews
- Re: [dnsext] Clarifying the mandatory algorithm r… Jelte Jansen
- Re: [dnsext] Clarifying the mandatory algorithm r… Doug Barton
- Re: [dnsext] Clarifying the mandatory algorithm r… Mark Andrews
- Re: [dnsext] Clarifying the mandatory algorithm r… Matthijs Mekking
- Re: [dnsext] Clarifying the mandatory algorithm r… Jelte Jansen
- Re: [dnsext] Clarifying the mandatory algorithm r… Mark Andrews
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Ondřej Surý
- Re: [dnsext] Clarifying the mandatory algorithm r… Paul Vixie
- Re: [dnsext] Clarifying the mandatory algorithm r… W.C.A. Wijngaards
- Re: [dnsext] Clarifying the mandatory algorithm r… Matthijs Mekking
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Phillip Hallam-Baker
- Re: [dnsext] Clarifying the mandatory algorithm r… Matthijs Mekking
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Brian Dickson
- Re: [dnsext] Clarifying the mandatory algorithm r… Matthijs Mekking
- Re: [dnsext] Clarifying the mandatory algorithm r… Olafur Gudmundsson
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Alfred Hönes
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Mark Andrews
- Re: [dnsext] Clarifying the mandatory algorithm r… Samuel Weiler
- Re: [dnsext] Clarifying the mandatory algorithm r… Mark Andrews
- Re: [dnsext] Clarifying the mandatory algorithm r… Matthijs Mekking
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Samuel Weiler
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Brian Dickson
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Mark Andrews
- Re: [dnsext] Clarifying the mandatory algorithm r… Samuel Weiler
- Re: [dnsext] Clarifying the mandatory algorithm r… Mark Andrews
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Casey Deccio
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Casey Deccio
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Casey Deccio
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Matthijs Mekking
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Matthijs Mekking
- Re: [dnsext] Clarifying the mandatory algorithm r… Edward Lewis
- Re: [dnsext] Clarifying the mandatory algorithm r… Samuel Weiler
- [dnsext] MAR proposal #1: Algorithm downgrade pro… Samuel Weiler
- Re: [dnsext] MAR proposal #1: Algorithm downgrade… Samuel Weiler
- [dnsext] MAR proposal #2: Allowing pre-publishing… Samuel Weiler
- Re: [dnsext] MAR proposal #1: Algorithm downgrade… Edward Lewis
- Re: [dnsext] MAR proposal #2: Allowing pre-publis… Edward Lewis
- Re: [dnsext] MAR proposal #1: Algorithm downgrade… Mark Andrews
- Re: [dnsext] MAR proposal #1: Algorithm downgrade… Paul Hoffman
- Re: [dnsext] MAR proposal #2: Allowing pre-publis… Paul Hoffman
- Re: [dnsext] MAR proposal #1: Algorithm downgrade… Brian Dickson
- Re: [dnsext] MAR proposal #2: Allowing pre-publis… Marc Lampo
- Re: [dnsext] MAR proposal #2: Allowing pre-publis… Matthijs Mekking
- Re: [dnsext] MAR proposal #2: Allowing pre-publis… Joe Abley
- Re: [dnsext] Clarifying the mandatory algorithm r… weiler