IETF Logo Mail Archive

Re: [DNSOP] Second Working Group Last Call for: Message Digest for DNS Zones

Michael StJohns <msj@nthpermutation.com> Fri, 22 May 2020 19:30 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8A96A3A0A56 for <dnsop@ietfa.amsl.com>; Fri, 22 May 2020 12:30:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xgun4PSvWH8r for <dnsop@ietfa.amsl.com>; Fri, 22 May 2020 12:30:12 -0700 (PDT)
Received: from mail-qt1-x82e.google.com (mail-qt1-x82e.google.com [IPv6:2607:f8b0:4864:20::82e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B27763A053F for <dnsop@ietf.org>; Fri, 22 May 2020 12:30:12 -0700 (PDT)
Received: by mail-qt1-x82e.google.com with SMTP id a23so9238195qto.1 for <dnsop@ietf.org>; Fri, 22 May 2020 12:30:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nthpermutation-com.20150623.gappssmtp.com; s=20150623; h=subject:from:to:cc:references:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=2lCpqEPA1YvWdB3S+4vzX+W8GsnqNS0ufBxdIKeTC+Y=; b=vskvOQVsyKF9KUw4tSs8MTWgReLIp11GopQUrK3P/XY9ZU/L8pVSgkOSnSSscY6/jl t64YGDbuZV50db6c22NyGUUY/ORZjpYOR90F2yka1aL3TykPyk5+wyFl8WT5P0kHG8dj hGhVAtLrrYikzK2kMXy+Px/a0FW/WVUnx0mibmkEQOe4OaYJDJhOmlsG4Yo2SuxCv+60 gSUDDIOvUG88yNSFeNhUHyAe7HdiXj3LKR1/zi8p3h4pAaXaMvW6SoF7NCAMOAadOgoH nDxyeys7RmFNGovYamI79fs2GBm0Db6vTxXcvPXjOhnx+oXb6QZMapNrEOD+VFPxKsi1 wBVQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:from:to:cc:references:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=2lCpqEPA1YvWdB3S+4vzX+W8GsnqNS0ufBxdIKeTC+Y=; b=nvKNfo8fXmxKJBzyOq77KUmFLPsi1QVRH8kRrXAigL2zZagE/+tbQCIs9HIZkhD2l4 OZ+dzawXxstNat/xZqgV5FtDutELP82rOK0qGE17I6/+Qzq1hrUWp7dc9+YNBpVp9af8 8r9Mz0UG1xGFJkz64lqWvhCmibr1gUFsnqmisJJmLk2bq9rT5Pz0aAV8XXo8neCCmA87 4ahCTo1fo2PWOgzPlrytSfDL+OHcF/rPTyo5FkinF49zdrLEInlPnsMcW0daC8oOIXg+ G8mEH0zT9MIMlE4wmPA7nh6MMbIkrKnMsQCbTb0iLjmDcDi15xFJF3RZEWmCtAIWLoYD SB3Q==
X-Gm-Message-State: AOAM530WULXYMaSu7mTxCg6HJu6wWRQYnJopm24+aE2f9W1lYEPm0Je6 7gtCbZNbvxKgrsFRj1fHylqaLuCflG+vYw==
X-Google-Smtp-Source: ABdhPJwk7yweA45Rzf80K3mkSrjaUDgHDsn2GWwn2HnRvYA8VbDZYjKPFJvB5x9urwRv9hImDmCiZw==
X-Received: by 2002:ac8:2f50:: with SMTP id k16mr17857439qta.392.1590175810450; Fri, 22 May 2020 12:30:10 -0700 (PDT)
Received: from [192.168.1.115] (pool-71-163-188-115.washdc.fios.verizon.net. [71.163.188.115]) by smtp.gmail.com with ESMTPSA id 190sm8346448qke.104.2020.05.22.12.30.09 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 22 May 2020 12:30:09 -0700 (PDT)
From: Michael StJohns <msj@nthpermutation.com>
To: "Wessels, Duane" <dwessels@verisign.com>, Dick Franks <rwfranks@gmail.com>
Cc: Mark Andrews <marka@isc.org>, Tim Wicinski <tjw.ietf@gmail.com>, IETF DNSOP WG <dnsop@ietf.org>
References: <CADyWQ+GDfbaAKz9iAWVH=TP=2A3hr9iGhTarayAEjgF5TrnvXQ@mail.gmail.com> <CAKW6Ri6YbMKquv7sMqK5D4OH7Z=h-zuvmUXqfUG2NpJdu91ooA@mail.gmail.com> <EA3EFDEF-ED88-4918-A49E-4832CBFA9C5E@isc.org> <CAKW6Ri4nVn78LfL_tL8G956gM23JWBJ7HJ3A5L4nqntmyAQRjw@mail.gmail.com> <93E835F5-5421-4343-9D2B-A88937675E0A@verisign.com> <6aeded6f-e0eb-063b-a3f1-f33402b21c3a@nthpermutation.com>
Message-ID: <8387bcfe-6386-77ba-9db7-1326645ec8d4@nthpermutation.com>
Date: Fri, 22 May 2020 15:30:07 -0400
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Thunderbird/68.8.0
MIME-Version: 1.0
In-Reply-To: <6aeded6f-e0eb-063b-a3f1-f33402b21c3a@nthpermutation.com>
Content-Type: multipart/alternative; boundary="------------CCA00D6C9363C57EBE9486EC"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/1o8JEiKNFKr-Vk5zOPykNiuaORg>
Subject: Re: [DNSOP] Second Working Group Last Call for: Message Digest for DNS Zones
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 May 2020 19:30:18 -0000

Hi -

With the change to remove ZONEMD from the calculation (apparently in 
-06), I no longer have any objections related to future proofing.

But, with the change, the text needs some additional clean up.

Instead of the current section 3 - use something like this:

 >>
3. Updating the Zone for ZONEMD RRs

3.1 "Step 1 - remove any existing apex ZONEMD RR from the zone"

3.2 "Step 2 - for each scheme, form a canonical representation of the 
zone according to the scheme.  The canonical representation for the 
SIMPLE scheme is listed in <> below."

3.3S "Step 3 (SIMPLE):  For each digest type in the SIMPLE scheme, 
calculate the digest over the canonical representation and form the 
appropriate ZONEMD RR for later inclusion" [Note: Other Schemes may have 
other processing at this point]
3.3O "Step 3(Other): For any other scheme/digest pair form the 
appropriate ZONEMD RRs and it them to the set for later inclusion.

3.4. "Step 4: Add each of the ZONEMD RRs formed in step 3 to the zone"

3.5. "Step 5 (Optional):  Sign the zone adjusting NSEC/NSEC3 records as 
appropriate to account for the existence of the ZONEMD RRSet".


4. Canonical representation and Digest Calculation for the SIMPLE 
scheme. (move the  old 3.3, 3.4 and 3.5 sections under this heading).
 >>


Note:   The presence or absence of _provable_ DNSSEC for the ZONEMD RRs 
is irrelevant to whether or not the zonemd rr set can be verified.  It 
would seem to me that if you have a chain of DNSKEY RRs back to a trust 
point, you can verify the zonemd RR whether or not the zone claims the 
records should exist.     NSEC records say that the record SHOULD exist, 
but AFAICT NSEC records aren't actually checked if the records do 
exist.  That may have changed from the original model, but I mention it 
with respect to  section 4, first bullet which reads as if the 
expectation is the important thing rather than actual signature data.

I'm still not a big fan of this as a standards track document as I don't 
feel it provides enough general benefit nor does it provide a standard 
and programmatic answer to "what do I do if it doesn't verify", but I'm 
no longer adamant it needs to be experimental as it no longer forces a 
contract for future digesting models.

Later, Mike



On 3/9/2020 5:24 PM, Michael StJohns wrote:
> On 3/9/2020 4:46 PM, Wessels, Duane wrote:
>>> Michael StJohns pointed out (Feb 25) that a verifier that does not
>>> recognise a particular
>>> ZONEMD Scheme and/or Hash Algorithm may be unable to create the
>>> required placeholders,
>>> and therefore unable to perform a verification using any
>>> (Scheme,Algorithm) at all.
>> I don't believe that to be the case.  For the unknown schemes/algorithms
>> the recipient simply replaces how ever many octets the received ZONEMD digest
>> had with all zeros.
>>
>>
>>
>
> As of right now, I don't believe the current format is future proofed.
>
> Current encoding:
>
> 0x01 - simple
> 0x01 - SHA384
> 48 bytes of digest.
>
> 0x01 - simple
> 0x02 - SHA512
> 64 bytes of digest.
>
> 0x02 - Complex
> 0x00 - Ignored - mainly because I'm forced to have it here because of 
> the SIMPLE scheme - it doesn't specify a digest type.
> [Opaque values that describe the complex scheme - e.g. btree 
> description, partial hashes, selection matrix of RRs I actually care 
> about etc]
> [More opaque values that are the various digest(s)]
>
> These are OPAQUE from a receiver that only understands SIMPLE.
>
> For the latter scheme, I want to include the first part of the opaque 
> values in the various hash calculations.   But the SIMPLE scheme will 
> set them to zero for its own calculations?   And I have to do special 
> things for scheme 1 to do my calculations. AND I have to know that 
> digest 0x02 requires 64 bytes of zero for the calculation even if I'm 
> only able to verify SHA384 digests.  Any error in the formation of the 
> digest 0x02 digest field or scheme 0x02 data field means that the 0x01 
> digest won't verify.  Ditto for any formation for the scheme 2 complex 
> digest relative to the Scheme 1 digests.  This makes all digests 
> interdependent which I believe was not desired.
>
> I see no benefit to including the ZONEMD RR in any digest calculation 
> with our without placeholdering it.
>
> Just omit any ZONEMD RR from the calculation and be done with it.  
> Make ALL ZONEMD RRs independent from each other.
>
>
>
>

v2.23.0 | Report a Bug | By Email