IETF Logo Mail Archive

[dnsext] Re: [Technical Errata Reported] RFC4035 (8037)

"Rose, Scott W. (Fed)" <scott.rose@nist.gov> Fri, 19 July 2024 13:31 UTC

Return-Path: <scott.rose@nist.gov>
X-Original-To: dnsext@ietfa.amsl.com
Delivered-To: dnsext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 248F4C14F619 for <dnsext@ietfa.amsl.com>; Fri, 19 Jul 2024 06:31:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.708
X-Spam-Level:
X-Spam-Status: No, score=-2.708 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FROM_GOV_DKIM_AU=-0.453, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nist.gov
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y-jU_eD4vwFt for <dnsext@ietfa.amsl.com>; Fri, 19 Jul 2024 06:31:14 -0700 (PDT)
Received: from BY5PR09CU001.outbound.protection.outlook.com (mail-westusazon11011017.outbound.protection.outlook.com [52.101.86.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D93CC14F711 for <dnsext@ietf.org>; Fri, 19 Jul 2024 06:31:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=usRQpeUyKcysuVVgNNciwpje/F/9wpMiyXPniAGpCnwbn0bVJVNVlqz8U0B37tHwtrlLjzYMoYsnY2QEm9WRQIaTNKl6dr4yVqBOrmVe1j6OxlLBOY4j8VhEybLA60So7cqNZfuCjQRVXQgUfNqRFD0dW2mAiN3Wx/02eaUiS6PIw7enD9VQm4x6mjHe9Zaop1JAFT0bj+ybugcBjwrrybrAr+bs+cP66hh83qEy+kcN1X1vn+zWy0LVi2lvXWjzn87n5JhlZVW6DKTi7n3MQkPqNaOvGJETF4a3IHAV4UOSztUMldCrGtNTJyL+1usM2xiaPKZ/E6fSmJFe/d7glw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=XgMmiKZreV2o3cGNyHgXiKRm65JpSeJcsz2C8gMLWMM=; b=kWbSua2xCt4YC4NLaxfsPQaWCyQqItcCfKJ+xv93D/xbjuqucbig9pXTi5oz4dQP6XTEDS+3M9A4eYMlS83PTj+eaaGHZLEdXCUKGzWk6d0y+/EvNTkneBYrt46ixHUcmQGnUF00nFTa0xnBV+k27UIBqOMVqk6WQ1ElYpDmjBsE6K0ko6ehqFIOirFrhpyMxkt+HRi1LykS6HJA7PPyUheZ9iQlCoRQKMzCBWFMaxPho5C+/JKsA0uU8DUCelbryoCRHiWKnHbWN/ynkBeMU/UwuACom0TYaO/uirLy80d2CRzw4IR3RFgKy5WrRdTmm+Ur7OhjOaBfk/OzawtVTA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 129.6.18.29) smtp.rcpttodomain=ietf.org smtp.mailfrom=nist.gov; dmarc=pass (p=reject sp=reject pct=100) action=none header.from=nist.gov; dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nist.gov; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XgMmiKZreV2o3cGNyHgXiKRm65JpSeJcsz2C8gMLWMM=; b=VyJPB/RLOgxy5+bpRI1L0xVeU38dGiFSK24YDq82kKO+jk5T42yaEu0YsXQX6luLb1Ir56BZl1ArZ7tbpQ6yLQa7r47fdrY34nmvuxwXY2oWh1gaIoMR8ZcdODb3PIMrsII7Dsi81/oCVtGGX5OoIpgXEq2P3JYd4uEHWNe4fuvi0Syv1JF3qu41DZGJHdJbKHD2cfv6DKcSjsZpdFOjVaZQb2f//foWgqVorfZ4rMcwAVGejnPPooawjNfx2xO/CYOZkwgd/f87Kjjykp1qcC/nbAZaw8NyO4ari4T1xzmL28aJVAH0fFzoIw+SETIe06b8Y5cJ2CmxC3/vYJKBZg==
Received: from CY5PR09CA0029.namprd09.prod.outlook.com (2603:10b6:930:1::10) by DS0PR09MB11611.namprd09.prod.outlook.com (2603:10b6:8:178::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.17; Fri, 19 Jul 2024 13:31:10 +0000
Received: from DS4PEPF0000016F.namprd09.prod.outlook.com (2603:10b6:930:1:cafe::48) by CY5PR09CA0029.outlook.office365.com (2603:10b6:930:1::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.18 via Frontend Transport; Fri, 19 Jul 2024 13:31:10 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 129.6.18.29) smtp.mailfrom=nist.gov; dkim=none (message not signed) header.d=none;dmarc=pass action=none header.from=nist.gov;
Received-SPF: Pass (protection.outlook.com: domain of nist.gov designates 129.6.18.29 as permitted sender) receiver=protection.outlook.com; client-ip=129.6.18.29; helo=smtp1.nist.gov; pr=C
Received: from smtp1.nist.gov (129.6.18.29) by DS4PEPF0000016F.mail.protection.outlook.com (10.167.18.197) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7784.11 via Frontend Transport; Fri, 19 Jul 2024 13:31:09 +0000
Received: from [129.6.222.67] ([129.6.222.67]) by smtp1.nist.gov with Microsoft SMTPSVC(10.0.14393.4169); Fri, 19 Jul 2024 09:31:09 -0400
From: "Rose, Scott W. (Fed)" <scott.rose@nist.gov>
To: Elias Heftrig <elias.heftrig@sit.fraunhofer.de>
Date: Fri, 19 Jul 2024 09:31:09 -0400
X-Mailer: MailMate (1.14r5937)
Message-ID: <B75EDCC4-87AF-4733-A63A-E7A1515BEF9E@nist.gov>
In-Reply-To: <b705f274-3e69-4dcd-98b0-023165aee7d3@sit.fraunhofer.de>
References: <20240718154431.808BD7FA60@rfcpa.rfc-editor.org> <A1D2718C-186F-4D80-A148-C4A9973F78B6@hactrn.net> <51FBDFB8-263C-41D8-9BDF-BD67A26DF998@nist.gov> <b705f274-3e69-4dcd-98b0-023165aee7d3@sit.fraunhofer.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-OriginalArrivalTime: 19 Jul 2024 13:31:09.0144 (UTC) FILETIME=[EA39C580:01DAD9DF]
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DS4PEPF0000016F:EE_|DS0PR09MB11611:EE_
X-MS-Office365-Filtering-Correlation-Id: 8bd85d1e-6880-4172-1486-08dca7f70d35
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;ARA:13230040|1800799024|82310400026|36860700013;
X-Microsoft-Antispam-Message-Info: mwaCwUFuJc1H9O1mkJxpz+DSNAVmPyPBHgGyMRvrZ6/b2qjsF5qh10UTEKIz8BFAwPC22j1D9IkrFaOcpQlsKWd7ZKvNZw6KXS+AYhxe0ycCavOw9AloZeh4ztdlx9Uwlh/6zKgfxRsWTsviQcIoUnOJ/F/RXy0XdaomeHcMqoweZCXKce/K32/ReQe+LYiakEGl4aLQ1haO2TN6jlALtLs3uHAvjoTAaj0eSd0jBFvU73ZPwhjdeRTvuiqXeIfKTlVtjaql+Qa1lwlqkLtTgQErAsxjs9i0Ma8w2soxVUvXFKJ2uOqmKRDqe+NMOzc3E/WK4n/53CIda9En7jMOTnliVLi7ZtlkQQq8eDY7MYpdUHUFqegKR0W4A/KJ0fiduyHKQtSKA119ch4jDs2gG/mV7e5gAiFoXKhQW/D+bcdiZGbAOEBoqo2P4i93PlM4kyLa2U0rhbB0ZNmslOUlNeylYirakQ1ci/2SMbuYIFoANj88kOs9EfkQ1pRWBylJPlbdBBCvOypItBQa3d/liN53LQUUPAtjjU3XWvaGkowIITHsIPAmoP75mTfLcg6UO2GQ77+UqSJQn9MfAIRXQFGX7LdS/FsFHRM0FzJNDCUYSjG+2t0MjeKt370ow27fXwi6RyQHSortV+XiX3gKZ5q+e7nbY4kP7m92f/N8muln33foM7HD3rcmatE5FE01UqKhdJH5I+yH5fAmGTAuSOpgxHFradZZcXuoirBC/UUSYF8rSe5e7icdONZFnGYKlx5hOv3VVRHkb3dqERlho1jrR6HiFX7uDvum/lmrZjOcdt6CMP2vo1L+jDjcf/j155tuLNQ//lb11Xypj/VW1sAF1l9F/oDZP02PvK7ItipGApGam7k9fhZkn3Kzj93v7VDPHVy6LA+2C4zYxPwDfzgL/Hl4hBZh91Tr9HqXXmwJP/8nfZAK+fyvrVD2VJfNr5XG/11SNYZzHTOPCK2JVRa/b00CwfejUvU3NUlaCzcHsW/IpYKIpsO7lInTSWrQ64YzmcLKyIuUtFy0nxf8aTzeCbTLC+r9MojkVxCD3jkYkBIVV3rg88CmkS9LZ2tfPLydGW4ULv6pVUKPGraOjEk/z30EwMCubqn4SQnrnxwlCF1X2mUIn72dqNjbKEz7+Kdh6LobEBla0p6M74wgPQvFiouLVs7JVNsvGXAoguPdvesFdLeYdHcnrvIWc5Rz+owVAuWpdvVjT/3j+hbGZ4USSaBT6UVE5wYvZZzIkpkcUXz78AhgfN0IEkaW5JqFXeKiUKBiUZ2LVGDo8fcLZ97DdA+pVS+OQQnztsuFso/s5/016iMvXl62iEcwLZfX4A6ldTl88yFkAx89mG3sx3BhktfeCY9+CFxVuJPvl2lTt6z+qCn663FEFhTIpPxq9Q/hlpO9zpj3xfopXfx06c2Z1EEnrKjZqfsVLaVrum9FRA+ILCrCx1uW6i9TzCei
X-Forefront-Antispam-Report: CIP:129.6.18.29;CTRY:US;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:smtp1.nist.gov;PTR:smtp1.nist.gov;CAT:NONE;SFS:(13230040)(1800799024)(82310400026)(36860700013);DIR:OUT;SFP:1101;
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Jul 2024 13:31:09.9329 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 8bd85d1e-6880-4172-1486-08dca7f70d35
X-MS-Exchange-CrossTenant-Id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=2ab5d82f-d8fa-4797-a93e-054655c61dec;Ip=[129.6.18.29];Helo=[smtp1.nist.gov]
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: TreatMessagesAsInternal-DS4PEPF0000016F.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR09MB11611
X-MailFrom: scott.rose@nist.gov
X-Mailman-Rule-Hits: max-recipients
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsext.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-size; news-moderation; no-subject; digests; suspicious-header
Message-ID-Hash: VSESYIZLM5MHQ7SCJXGKAQMBSXXULM5F
X-Message-ID-Hash: VSESYIZLM5MHQ7SCJXGKAQMBSXXULM5F
X-Mailman-Approved-At: Fri, 19 Jul 2024 19:44:05 -0700
CC: Rob Austein <sra@hactrn.net>, RFC Errata System <rfc-editor@rfc-editor.org>, sra@isc.org, massey@cs.colostate.edu, ek.ietf@gmail.com, evyncke@cisco.com, ogud@ogud.com, dnsext@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [dnsext] Re: [Technical Errata Reported] RFC4035 (8037)
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsext/Ps5EOUCbuDb6SLYC-_Rz9WHdgJI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsext>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Owner: <mailto:dnsext-owner@ietf.org>
List-Post: <mailto:dnsext@ietf.org>
List-Subscribe: <mailto:dnsext-join@ietf.org>
List-Unsubscribe: <mailto:dnsext-leave@ietf.org>

Elias,
My question was more IETF process than technical and how best to do the update so it won’t cause confusion to resolver and validator implementors.  Since this is a validation logic flaw and not just a query issue.

Additionally, if the WG (or community at this point, since the DNSEXT WG is basically concluded) thinks there should be a draft to clarify things that might be better in the long run but not for the change needed to address the KeyTrap vulnerability right now.  Or can the errata process be used to fix a discovered flaw in the protocol RFC if the RFC reflects the original consensus?

Unfortunately, I won’t be at the IETF in person due to budget constraints. I will be following virtually.

Scott

On 18 Jul 2024, at 16:49, Elias Heftrig wrote:

> Hey Scott, the issue is in fact pretty fundamental:
>
> Aside from the load implied by NSEC3 iteration counts and a general warning about DoS-by-crypto attacks in the security considerations of RFC4033, the CPU resource requirements of validation have not been addressed much by the DNSSEC specification. Other than that there is a general instruction for DNS resolvers in RFC1035 (Section 7.1.) to "limit the amount of work", which a resolver will do in response to a client request (contextualized with retransmissions, timeouts and circular CNAMEs). However, a) the question is how much that would apply to other DNSSEC validators (a DANE client, possibly?); and b) the number of validations is technically already "limited" (in a "non-infinite" sense) by transport constraints - though obviously not limited to a sufficient degree.
>
> In any case it appears reasonable to extend the basic approach of the RFC1035 requirement to DNSSEC validation as well, and a fair share of the patches to CVE-2023-50387 do so, but that entails a whole bunch of follow-up questions: What are the implications of introducing such limits (currently chosen locally at deployments!) on the resolver/domain sides and for scalability of DNS as well as future protocol development...? How much should specification regulate resource consumption at implementations in the first place? If we introduce per-query limits to the specification, how should they be quantified? There would certainly be enough material to fill an RFC on the regulation of DNSSEC validation CPU requirements, though at the risk of adding a (prohibitive) lot of complexity to an already complex protocol.
>
> Before I go down the rabbit hole here: We will be attending IETF120 next week and are having a talk on this topic at the co-located ANRW ("Protocol Fixes for KeyTrap Vulnerabilities"). If anyone of you is attending IETF120 as well, we would love to hear your opinion and discuss matters with you there.
>
>
> Regarding the proposed errata:
>
> The requirement to try all possible DNSKEYs and the requirement to validate all RRsets in an ANY-type answer (see the additional erratum 8038 for RFC6840) are both MUST requirements. Since they are "absolute specification requirements" (RFC2119) and imply an (un-)certain amount of work, it appears imperative demoting them to SHOULD.
>
> Furthermore, supported by the abundance of implementations, which were vulnerable to CVE-2023-50387, a rigorous specification-side guidance on limiting CPU resource consumption - or at least a clear word of warning located at the relevant requirements in the specification - would certainly be beneficial. (Honorable mention here: RFC6840 Section 5.4 "a resolver SHOULD [...] only determine that an RRset is Bogus if all RRSIGs fail validation.")
>
> Arguably, MUST requirements (and SHOULD, to a degree) should be "no-brainers", at least to the extent of not being harmful if they are followed literally.
>
> Best, Elias
>
> On 18.07.24 19:03, Rose, Scott W. (Fed) wrote:
>> So would the process here be to have an update to RFC 4045?  It sounds like it.  Plus that gives space to provide more guidance to implementors that just “SHOULD”.  For instance - is there an upper bound on the number of keys tried?
>>
>> I know that sounds like a lot of overhead for changing what is one keyword at first, but I think this might deserve more than just changing a MUST to a SHOULD.
>>
>> Scott
>>
>> On 18 Jul 2024, at 12:39, Rob Austein wrote:
>>
>>> This is interesting, but I don't think it's an erratum. The text says what the WG intended: if one is attempting to validate the signature, one MUST try them all until one succeeds or one runs out of keys to try.  I believe the reporter is requesting a technical change based on recent analysis, which is a worthy topic for discussion but is not an erratum. Take it to the WG.
>>> -- 
>>> Sent from a phone, please excuse typos and brevity
>>
>> =====================================
>> Scott Rose
>> NIST/CTL/WND
>> scott.rose@nist.gov
>> ph: 301-975-8439
>> GoogleVoice: 571-249-3671
>> =====================================


=====================================
Scott Rose
NIST/CTL/WND
scott.rose@nist.gov
ph: 301-975-8439
GoogleVoice: 571-249-3671
=====================================

v2.37.1 | Report a Bug | By Email | System Status