IETF Logo Mail Archive

Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-08.txt

Michael StJohns <msj@nthpermutation.com> Sun, 03 December 2017 23:18 UTC

Return-Path: <msj@nthpermutation.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8107E1250B8 for <dnsop@ietfa.amsl.com>; Sun, 3 Dec 2017 15:18:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level:
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=nthpermutation-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vDNbPAO3wVh7 for <dnsop@ietfa.amsl.com>; Sun, 3 Dec 2017 15:18:22 -0800 (PST)
Received: from mail-qk0-x230.google.com (mail-qk0-x230.google.com [IPv6:2607:f8b0:400d:c09::230]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 954761200F1 for <dnsop@ietf.org>; Sun, 3 Dec 2017 15:18:22 -0800 (PST)
Received: by mail-qk0-x230.google.com with SMTP id b123so19378442qkg.7 for <dnsop@ietf.org>; Sun, 03 Dec 2017 15:18:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nthpermutation-com.20150623.gappssmtp.com; s=20150623; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-transfer-encoding:content-language; bh=YzyqWDy8yzlcC4Vy5H74ZGDTBcGBosy+LJns2vS3a1s=; b=XlMOo9yJjtoi3QSZO5CECtvAqcmyjxmDRClIp/4LzAgpd0AJpziPx/lOWxYNzz0SN5 1vPRZ7jh7blVdfFeBOEL3o7/DIGuWiLQoVf4JE0c2CaK4CRua3Y1Hb1EOSm6TNy3fJ/X +G67pLu1BvsYOhJis2BRIHHVAsytJ1ic/GSpLGX+hGhGezqEePCO5uJG11D357GexXAV 1tKgVkSl4aWogqjOfYcyGdPV8wQMyHhs56BgFyBq7YKMqeY0HdQN8s9NbhWt9YGTUKgM HIdTvN8Qa7Hq2ss2hCHZ88Yl+/gcLy7B8B/P0FW2aIylzuNNDCtLVriCHnsJjqq5Mb/W 7FNA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-transfer-encoding :content-language; bh=YzyqWDy8yzlcC4Vy5H74ZGDTBcGBosy+LJns2vS3a1s=; b=lwQ/Ia4yv0/t/nNBEVaPuvr1hsfBRk04aCSltLSMb/1hUk8O2A6PgdNQdT30Gn05SB AmvypccFtCjRM5KeczdqIoRqkLLQBkO23eYkRU4u8GJ/ENA7veAOtDQSbYSEdMJEM12u 8yhNWnzp+hV7Oss6yjqTuALf58sxyCfN6D23JNNUXxO0UH0khFiv9RpyEMNQsIiyacKT yZ6HgizmwjYVOZz7izuxCTR2vbmypSydC3SV/kCcP5Tl5xOEv4fC467+1iMk3lpkpoCQ N9anu9HntV7KsWZPcS5mNWdOtvb4Hgxxp94/HZQxUFBFajG78raIWIh3hHo92T4Bvkfw GCoQ==
X-Gm-Message-State: AKGB3mI/mwz96e3Y+3V+91IlMSES8USLlv6mM95p6h0AHGLliW80rKcG CH7AmO3RyGjycv9Gd3gXoUaiDYLq
X-Google-Smtp-Source: AGs4zMb4zmvV1dvah3dmKMGIR/RF5maX5zh6moHXi0FwYr2WAnkWmBhdrRFANeGLz10N2UOBmXanbg==
X-Received: by 10.55.162.130 with SMTP id l124mr1965786qke.168.1512343101165; Sun, 03 Dec 2017 15:18:21 -0800 (PST)
Received: from ?IPv6:2601:152:4400:720f::1014? ([2601:152:4400:720f::1014]) by smtp.gmail.com with ESMTPSA id k34sm8503619qtk.5.2017.12.03.15.18.19 for <dnsop@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 03 Dec 2017 15:18:19 -0800 (PST)
To: dnsop@ietf.org
References: <151199364931.4845.3034001091375154653@ietfa.amsl.com> <yblvahshg6z.fsf@wu.hardakers.net>
From: Michael StJohns <msj@nthpermutation.com>
Message-ID: <9c71768d-4807-3d0a-b4b1-0ac8d066fe9f@nthpermutation.com>
Date: Sun, 03 Dec 2017 18:18:18 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <yblvahshg6z.fsf@wu.hardakers.net>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/4_-11ziKVstRrGRuwhSIk9pOi9s>
Subject: Re: [DNSOP] I-D Action: draft-ietf-dnsop-rfc5011-security-considerations-08.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 Dec 2017 23:18:24 -0000

On 11/29/2017 5:29 PM, Wes Hardaker wrote:
> internet-drafts@ietf.org writes:
>
>> A New Internet-Draft is available from the on-line Internet-Drafts
>> directories.  This draft is a work item of the Domain Name System
>> Operations WG of the IETF.
> FYI, this contains the restructuring talked about during IETF100/dnsop
> as well the new safetyMargin concepts proposed by MSJ.  I haven't done a
> complete double check on all my restructuring yet, so for the chairs
> especially: there will likely be a -09 very soon ready for second WGLC,
> but not this one.


Hi -

Much improved - but still some disconnects (all review is de novo):

In Abstract - insert "by the publisher" after "must be followed" - this 
is clear later, but should be clear in the abstract.


in Section 2 - first para - "from the DNSKEY publication and 
revocation's point of view" is unusual phrasing.  I'm not sure how a 
publication or revocation has a point of view.  I think you meant from 
the trust anchor publisher or SEP DNSKEY publisher's point of view?

in 3 - lastSigExpirationTime - replace the first sentence  with "The 
latest value (i.e. the future most date and time) of any RRSig Signature 
Expiration field  covering any DNSKEY RRSet containing only the old 
trust anchor(s) that are being superseded." - This may still need 
wordsmithing or expansion.

in 3 - sigExpirationTimeRemaining - two items: "latestSigExpirationTime" 
-> lastSigExpirationTime.  and measured from when?   I think its "when 
the addWaitTime calculation is run" or "lastSigExpirationTime - now"

in 5.1.1 T+10 - replace "they have now expired" with "the signatures 
have now expired" -  clarify context.

Delete 6.1.4 - activeRefreshOffset -  its a nonsensical value that is 
only valid from the resolver's point of view.   For a given 
publisher/authoritative server - there will be as many 
activeRefreshOffsets as there are resolvers so the publisher must assume 
the worst case of activeRefresh.

In 6.2.1 - replace activeRefreshOffset with activeRefresh - worst case 
value.

fix 6.2.1.1 delete the term for addHoldDownTime % activeRefresh - the "2 
* activeRefresh" in the previous term covers both the activeRefresh 
interval at the beginning of the acceptance period and the activeRefresh 
interval at the end.


In 6.2.2 - same changes as for 6.2.1 and 6.2.1.1 (e.g. get rid of 
activeRefreshOffset throughout).


                         v          activeRefresh v     
addHoldDownTime                 v    activeRefresh v  safetyMargin  v

|-----------------------|-------------------------------------|-------------------------------------|--------------------------|----------------|

  lastSigExpirationTime^^^                 acceptanceStarts ^^^       
acceptance begins to complete^^            earliestSafe^^^


After the second activeRefresh interval all of the well behaved and well 
connected resolvers should have the new trust anchor. The safetyMargin 
adds some space for poorly behaving or intermittently connected 
resolvers or those with some drops in queries.


Section 6.3 has one too many activeRefresh terms in both formulas - here 
are the corrected ones:

remWaitTime = sigExpirationTimeRemaining + activeRefresh + safetyFactor

remWallClockTime = lastSigExpirationTime + activeRefresh + safetyFactor

Basically, assuming no attacker, and no drops, all well-behaved 
resolvers will see the revocation after one activeRefresh interval from 
the time of publication.  Add the safety factor to take care of the 
slackers.  This is a fine value for normal revocations where you're 
pretty sure that the key hasn't been compromised.

There is no hold-time timer for revocation - they take effect 
immediately upon receipt and validation.

In the case of a key compromise, I would suggest that the revoked key be 
published for the same interval as you would use for adding a new trust 
anchor.  (But of course, this won't actually matter all that much if you 
only have a single trust anchor....)


Appendix A - fix the calculations to match up with the section 6 formulas.


Later, Mike

v2.23.0 | Report a Bug | By Email