Re: [DNSOP] DNS cookies and multi-vendor anycast incompatibility
Mark Andrews <marka@isc.org> Thu, 21 June 2018 15:02 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1206C130EA4 for <dnsop@ietfa.amsl.com>; Thu, 21 Jun 2018 08:02:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tF-NNORuYw4x for <dnsop@ietfa.amsl.com>; Thu, 21 Jun 2018 08:02:03 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 394CE1292AD for <dnsop@ietf.org>; Thu, 21 Jun 2018 08:02:03 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id CACAF3AB001; Thu, 21 Jun 2018 15:02:02 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 91F1816006B; Thu, 21 Jun 2018 15:02:02 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 6EE4C16006A; Thu, 21 Jun 2018 15:02:02 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id LWGaLHwuspOK; Thu, 21 Jun 2018 15:02:02 +0000 (UTC)
Received: from [172.30.42.90] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 37A7F16003D; Thu, 21 Jun 2018 15:02:01 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <4913e6c8-4e79-fc59-9124-a44428031b4b@nic.cz>
Date: Fri, 22 Jun 2018 01:01:58 +1000
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>, Daniel Salzman <daniel.salzman@nic.cz>
Content-Transfer-Encoding: quoted-printable
Message-Id: <A7452059-42BF-42ED-80C1-D19E4B5C91E6@isc.org>
References: <c70f058c-8e82-f905-e352-f3e2fd0d4cfc@nic.cz> <alpine.LRH.2.21.1806201006530.6077@bofh.nohats.ca> <107c3532-a07d-9821-70ab-94c00a9dd2f0@nic.cz> <9A860D2F-C02D-4D89-B54D-7FDA9823101B@isc.org> <4913e6c8-4e79-fc59-9124-a44428031b4b@nic.cz>
To: Petr Špaček <petr.spacek@nic.cz>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/-B9Z7SSNYMeKydZr4oyX0u-1jc0>
Subject: Re: [DNSOP] DNS cookies and multi-vendor anycast incompatibility
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 21 Jun 2018 15:02:06 -0000
> On 21 Jun 2018, at 5:24 pm, Petr Špaček <petr.spacek@nic.cz> wrote: > > On 20.6.2018 23:01, Mark Andrews wrote: >>> On 21 Jun 2018, at 12:25 am, Petr Špaček <petr.spacek@nic.cz> wrote: >>> >>> On 20.6.2018 16:10, Paul Wouters wrote: >>>> On Wed, 20 Jun 2018, Petr Špaček wrote: >>>> >>>>> it seems that current specification of DNS cookies in RFC 7873 is not >>>>> detailed enough to allow deployment of DNS cookies in multi-vendor >>>>> anycast setup, i.e. a setup where one IP address is backed by multiple >>>>> DNS servers. >>>>> >>>>> The problem is lack of standardized algorithm to generate server >>>>> cookie from a shared secret. In practice, even if users manually >>>>> configure the same shared secret, Knot DNS and BIND will use diffrent >>>>> algorithm to generate server cookie and as consequence these two >>>>> cannot reliably back the same IP address and have DNS cookies enabled. >>>>> >>>>> One of root server operators told me that they are not going to enable >>>>> DNS cookies until it can work with multi-vendor anycast, and I think >>>>> this is very reasonable position. >>>>> >>>>> So, vendors, would you be willing to standardize on small number of >>>>> server cookie algorithms to enable multi-vendor deployments? >>>> >>>> I think this is a good idea but there are already two examples in RFC >>>> 7873 for cookie generation. Is there a problem with those examples, or >>>> is there only a lack of options in the implementation to configure >>>> these? If the latter, than no new IETF work would be needed. >>> >>> These are mere examples and not specifications with all the details >>> necessary for reliable interoperability. >> >> The server cookie examples have all the details required to build a interoperable >> implementation. i.e. with the same inputs you will get the same outputs. > > Sorry, I still do not think it is sufficient for interoperable > implementations for multiple reasons: > > - Let's assume that serverA has time limit for cookie freshness "1 hour" > and the serverB in the same anycast cluster "2 hours". This will produce > unnecessary BADCOOKIE errors from time to time. Your worried about a client that hasn’t talked to the anycast cluster for a hour getting a BADCOOKIE? Knit picking to the extreme. > - It is not specified how "Time" sub-field in B.2. is encoded on the > wire so it is not guaranteed that two different implementations will > decode the value in the same way. > (Is it in integer seconds? Unix timestamp? Signed or unsigned? How do we > handle rollover over 0xFFFFFFFF? …) It is the seconds since Jan 1 1970 ignoring leap seconds in named. Serial arithmetic will be fine for the rollover in 2038 or you can just use a straight unsigned modulus value and have a extra BADCOOKIE per client during the first hour. > - Besides data format we need to explicitly state if sub-fields are big > endinan (I guess) or not, etc. We used network byte order like every other field in the DNS. > Also, let me ask why BIND decided to use AES by default instead of > HMAC-SHA256-64 described in the RFC? Because it is faster and unless you are running a anycast cluster it doesn’t matter what algorithm is being used as all you need to be able to do is handle your own output being returned to you. BIND implements 2 or 3 hashes. How many depends on what version of OpenSSL it is linked against does it have AES support or not. AES is used to generate a HASH which is actually documented in RFC 7873. There is no “hiding” the cookie from from the attacker. > For me it is appealing to hide > content of the cookie from attacker eyes but I'm not willing to > implement something without proper description and understanding > (cargo-cult algorithms instead of spec, anyone? :-). > > > So let me ask again: > Are other vendors willing to work on sufficiently detailed > specification? If not just say it! > > In that case I will be happy to reply to our friendly root operator that > it is not going to happen, and consequently throw away code for cookies > from Knot Resolver. I do not see value in it without interoperable spec, > just maintenance costs. > > Petr Špaček @ CZ.NIC > > >>> E.g. when a cookie is "old" according to B.2.? >>> E.g. are there privacy considerations with plain HMAC vs. encryption? >> >> >>> Besides this, BIND defaults to AES-based algorithm which is not >>> specified in the RFC and Knot DNS has its own because developers >>> considered the BIND's approch overkill. >>> >>> If we decide to standardize we need to find a reasonable algorihm and >>> standardize all its variables to make it work without run-time >>> synchronization (posssibly except key rotation but it can be done >>> avoided as well). >>> >>> This message is for other DNS vendors to see if there is an interest in >>> standardizing something we can all share and operators use in practice. >>> >>> -- >>> Petr Špaček @ CZ.NIC -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Daniel Salzman
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Daniel Salzman
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Mark Andrews
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Mark Andrews
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Mukund Sivaraman
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Warren Kumari
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Mark Andrews
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Mark Andrews
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Mark Andrews
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Petr Špaček
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Donald Eastlake
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Ondřej Surý
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Petr Špaček
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Mark Andrews
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Petr Špaček
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Paul Wouters
- [DNSOP] DNS cookies and multi-vendor anycast inco… Petr Špaček
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Mukund Sivaraman
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Warren Kumari
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Evan Hunt
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Evan Hunt
- Re: [DNSOP] DNS cookies and multi-vendor anycast … Petr Špaček