NSEC+-epsilon (whitelies server) proof of concept.
"Olaf M. Kolkman" <olaf@ripe.net> Mon, 29 November 2004 11:35 UTC
Received: from psg.com (mailnull@psg.com [147.28.0.62]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA08640 for <dnsext-archive@lists.ietf.org>; Mon, 29 Nov 2004 06:35:28 -0500 (EST)
Received: from majordom by psg.com with local (Exim 4.43 (FreeBSD)) id 1CYjiX-0005cj-US for namedroppers-data@psg.com; Mon, 29 Nov 2004 11:29:17 +0000
Received: from [193.0.0.199] (helo=postman.ripe.net) by psg.com with esmtp (Exim 4.43 (FreeBSD)) id 1CYjiW-0005cW-Ut for namedroppers@ops.ietf.org; Mon, 29 Nov 2004 11:29:17 +0000
Received: by postman.ripe.net (Postfix, from userid 8) id 5546C25335; Mon, 29 Nov 2004 12:29:16 +0100 (CET)
Received: from birch.ripe.net (birch.ripe.net [193.0.1.96]) by postman.ripe.net (Postfix) with ESMTP id 5843424237 for <namedroppers@ops.ietf.org>; Mon, 29 Nov 2004 12:29:15 +0100 (CET)
Received: from x50.ripe.net (x50.ripe.net [193.0.1.50]) by birch.ripe.net (8.12.10/8.11.6) with SMTP id iATBTFLE014945 for <namedroppers@ops.ietf.org>; Mon, 29 Nov 2004 12:29:15 +0100
Date: Mon, 29 Nov 2004 12:29:15 +0100
From: "Olaf M. Kolkman" <olaf@ripe.net>
To: namedroppers@ops.ietf.org
Subject: NSEC+-epsilon (whitelies server) proof of concept.
Message-Id: <20041129122915.0c621b43.olaf@ripe.net>
Organization: RIPE NCC
X-Mailer: Sylpheed version 0.9.11 (GTK+ 1.2.10; i686-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
X-RIPE-Spam-Tests: ALL_TRUSTED,BAYES_00
X-RIPE-Spam-Status: N 0.155060 / -5.9
X-RIPE-Signature: f9c257eabba27775cc5da5d9e70d5d5e
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on psg.com
X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00 autolearn=ham version=3.0.1
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
Content-Transfer-Encoding: 7bit
Dear Colleagues,
<hat chair=off geek=on>
I have implemented a "proof-of-concept" server for the "white lies" scheme.
Although there are a number of optimizations one can do I have found
this server to interoperate with a bind verifying nameserver.
Rough outline.
The sever itself is a proxy implemented in perl. After applying some
local policy it will forward all its queries to a BIND nameserver that
serves a specially prepared zone. Based on the answer being a wildcard
match, a NOERROR/empty answer match or an NXDOMAIN match the proxy
will cook up the appropriate NSEC white lies that "surround" the query.
The nearest successor and predecessor are determined as in
draft-sisson-dnsext-dns-name-p-s (with specification bugs corrected
and reported to the author) without any possible optimizations.
In more detail.
The zone preparations is done as follows.
An input zone is stripped from all its security related RRs (RRSIG,
NSEC, and DNSKEY). For each domain name "dname" in the zone that is
not a delegation a "dname+epsilon TXT " RR is created.
To this zone the keyset needs to be appended an then the zone is
signed through the regular BIND dnssec-signzone signer.
After the signing process all RRs with owner name "dname+epsilon" are
stripped. The result is a signed zone with NSEC RRs pointing to
"dname+epsilon" instead of the next dname.
This zone is loaded on a BIND nameserver running on a private address.
When the proxy receives a query it will return a "REFUSE" if the query
name contains "\000" or "\255" in one of its labels. This policy is
not strictly needed but it is to address the issue that the the NSEC
next name should be part of the zone. By refusing queries for the
names that contain the "maximum and minimum sort values" that have
been inserted in the +-epsilon process, we "weasel" our way out of the
question if these names are or are not in the zone, the client will
just never be able to know because of our policy.
The proxy will forward its question to the BIND nameserver.
If the answer returned from the authoritative BIND server is a "No
Data" error:
- the server take the packet coming from the BIND backend server
and strip all NSECs and their RRs if the owner name is not the
same as the qname and which are not owned by wildcard names (this
preservers the NSEC RRs generated in the preprocessing phase and
that are relevant for the proof).
- It will then assess if the query was terminated in a wildcard
match and add proof for non-existence of the direct match against
the qname (it generates a name error) and return the answer to the
client.
- If the no data error was due because of a match against an empty
non-terminal then a qname-epsilon NSEC qname+epsilon RR will be
added to the proof to the client.
If the answer returned from the authoritative BIND server is a "name
error" (NXDOMAIN).
- A proof qname+epsilon NSEC qname+delta NULL proof will be supplied.
the delta is somewhat bigger than the epsilon, that is qname+delta
is the first successor of qname that does not prepend a label.
More detail you can find in the source which is available at
http://www.kolkman.org/NSECepsilon/
The proxy runs at 193.0.3.29. It is authoritative for eg.secret-wg.org. There
exists a secure delegation from secret-wg.org.
Some of the zone content (not all, the challenge is to enumerate it and
provide me with the zone content :-) )
*.foo 10 TXT "Wildcard match *.foo"
bla.foo 10 TXT "direct match bla.foo"
*.bla.foo 10 TXT "direct match *.bla.foo"
hidden.foo 10 TXT "direct match hidden.foo"
foo 10 TXT "direct match foo"
ifeelso.empty 10 A 10.0.0.1
Please let me know if you think I overlooked an important protocol
feature or you find incorrect proofs. The whole point of this
exercise is to proof this can be done.
TODO:
There are a number of optimizations one can do based on the zone content
and structure. This has not been done yet.
</hat>
-- Olaf
---------------------------------| Olaf M. Kolkman
---------------------------------| RIPE NCC
--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
- NSEC+-epsilon (whitelies server) proof of concept. Olaf M. Kolkman
- Re: NSEC+-epsilon (whitelies server) proof of con… Olaf M. Kolkman