IETF Logo Mail Archive

Re: [dnsext] Clarifying the mandatory algorithm rules

Brian Dickson <brian.peter.dickson@gmail.com> Fri, 10 December 2010 12:28 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsext@core3.amsl.com
Delivered-To: dnsext@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A2AD53A6AED for <dnsext@core3.amsl.com>; Fri, 10 Dec 2010 04:28:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.021
X-Spam-Level:
X-Spam-Status: No, score=-3.021 tagged_above=-999 required=5 tests=[AWL=0.578, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SFjZyuG2rXGP for <dnsext@core3.amsl.com>; Fri, 10 Dec 2010 04:28:36 -0800 (PST)
Received: from mail-fx0-f43.google.com (mail-fx0-f43.google.com [209.85.161.43]) by core3.amsl.com (Postfix) with ESMTP id 63A3B28C0D9 for <dnsext@ietf.org>; Fri, 10 Dec 2010 04:28:33 -0800 (PST)
Received: by fxm18 with SMTP id 18so3561716fxm.16 for <dnsext@ietf.org>; Fri, 10 Dec 2010 04:30:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=P2ABcV/nI6JPUkfG/eFUQuBiaIMYqmKxLeEKfGIIWJg=; b=ItQmjXG2LUpBEmbX99rPFHbFpGrtsHUZoEMggmo9Lp4EzJr/e/FCzLbOFwmo1XO0c0 4lCwCs2pA1uJk6G4MIA2kOS81kSMo3qF3PWcaBGBmG4pS51/vKJYlm4zXtjz025Bxj5k K58Tp5+mNJ7F/fHNPM5mugXCcGcFpEg3t/A3s=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=SS9yHlTCJrRiB2dLyOp0vHnXSHd/uWn0biwdJ7fXCwuMHCkzBEDRUkSL1nzKXiiw5Y ReS4cs+++AOixJHmbdoZz5181HrsTt3RwxhEgS0aL2ODn9kN1ZB6PNFvHrcFsLSxj9qX sTgztf/H9+c/ir6EDukxKcC60gjSY/VZoboFk=
MIME-Version: 1.0
Received: by 10.223.104.145 with SMTP id p17mr713787fao.105.1291984203795; Fri, 10 Dec 2010 04:30:03 -0800 (PST)
Received: by 10.223.111.142 with HTTP; Fri, 10 Dec 2010 04:30:03 -0800 (PST)
In-Reply-To: <4D01EE19.3060006@nlnetlabs.nl>
References: <alpine.BSF.2.00.1011180553250.83352@fledge.watson.org> <4CE51293.5040605@nlnetlabs.nl> <a06240801c9101620d463@192.168.128.163> <22284.1290447209@nsa.vix.com> <4CF4D54B.5000407@nlnetlabs.nl> <4D00A86D.1040304@nlnetlabs.nl> <a06240800c9268ae26e12@192.168.1.104> <4D00F385.4010405@nlnetlabs.nl> <a06240801c926a690eaef@10.31.200.118> <4D01EE19.3060006@nlnetlabs.nl>
Date: Fri, 10 Dec 2010 08:30:03 -0400
Message-ID: <AANLkTimdtUXHrEw5-YYFDsg=24Zff31PDq63k968Rty=@mail.gmail.com>
From: Brian Dickson <brian.peter.dickson@gmail.com>
To: Matthijs Mekking <matthijs@nlnetlabs.nl>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: Edward Lewis <Ed.Lewis@neustar.biz>, dnsext@ietf.org
Subject: Re: [dnsext] Clarifying the mandatory algorithm rules
X-BeenThere: dnsext@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: DNS Extensions working group discussion list <dnsext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsext>
List-Post: <mailto:dnsext@ietf.org>
List-Help: <mailto:dnsext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsext>, <mailto:dnsext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Dec 2010 12:28:38 -0000

On Fri, Dec 10, 2010 at 5:08 AM, Matthijs Mekking <matthijs@nlnetlabs.nl> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 12/09/2010 04:47 PM, Edward Lewis wrote:
>> At 16:19 +0100 12/9/10, Matthijs Mekking wrote:
>>
>> So, so what if I say DNSSEC is not there to protect the zone operator.
>> Why does that mean that MUST is wrong?  The rationale is that no matter
>> what you do, local policy is going to be followed. Local policy is going
>> to prefer quick resolution of the query. Requiring DNSSEC to do extra or
>> extraneous work is not constructive - by that I mean, once you've gotten
>> a chain of trust why keep trying to find faults?  DNSSEC is not designed
>> to be the last line of defense.
>
> The additional work is there for algorithm compromise protection. And as
> I argued before, yes it is local policy to let the validator fallback to
> "One Signature Is Enough". But it is kind of insane to me to have a
> local policy that says 'allow badly signed zones'.

I think there are two issues here.

One is, whether all signatures are of equal importance.

I'd say, SEP-related signatures (DS signatures, DNSKEY signatures) are much
more critical, and should receive maximum protection, performance
notwithstanding.

I'd also say,  the fewer labels there are, the more important, for the
same or similar reasoning.
The higher up the food chain, the bigger the target painted on the zone.

The second is, that accepting just *any* (valid) signature, means the
following consequence occurs:
If *I* choose which signature to check, the bad guy trying to spoof
the signature risks detection.
If the bad guy chooses (by ensuring only his spoofed signature will
validate, by stripping others
or replacing others with bad signatures), he can guarantee avoiding detection.

Even adding a randomization among known algorithms, and insisting that
a match must occur for that,
adds the probability of detection, without adding to the crypto burden
of the validator.

And something else that bothers me:

If $implementation does detect a validation failure, which in theory should not
be possible, what about signaling this to the zone owner/operator?

The zone itself might not be broken, but merely be under attack from
an off-axis attacker.
Or, the zone might be broken. There is no way for the validator to
know, and no way for
the owner/operator to currently discover this (automatically).

Should this be addressed? If so, how?

Brian

v2.37.1 | Report a Bug | By Email | System Status