IETF Logo Mail Archive

Re: [DNSOP] [secdir] Secdir last call review of draft-ietf-dnsop-server-cookies-04

Brian Dickson <brian.peter.dickson@gmail.com> Fri, 04 December 2020 21:31 UTC

Return-Path: <brian.peter.dickson@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A1D33A0C1B; Fri, 4 Dec 2020 13:31:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CDCqJdYsWpMH; Fri, 4 Dec 2020 13:31:22 -0800 (PST)
Received: from mail-vs1-xe35.google.com (mail-vs1-xe35.google.com [IPv6:2607:f8b0:4864:20::e35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A34DD3A0C17; Fri, 4 Dec 2020 13:31:21 -0800 (PST)
Received: by mail-vs1-xe35.google.com with SMTP id s85so4085678vsc.3; Fri, 04 Dec 2020 13:31:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=eKhI0skIpfD2LsAfZW9QasAKKjSkoz5772XizFNcoTw=; b=AQ4/1AI/pJtN3hsSXrtXPCS1dP+Q4BycTSJhKokPqWZRvdWa27Lz8n/YloGQ0Gmhpw hxvegLMdqc7HOjkn9KO3VIXeoyrfkBEMqUccepU9DYR1bcJ/ieoavxDh/wzHQi+wogkY WoqWlUh2CldJMHRLTvmI/b67XedoRo3RG5E6X1bz4wUHl48wij8GzHE5SyXtJLeJDSNS VSwxmUq7/fRJsvti9k7Ge4aZMn6xbL4mw3BMIibA5KouSNdcKlfcM9zYts5zjki5Arwm 5TVWRYJeMq7ZlXykF+ZbtpAkSUZ1eSckcq/ICiwJ/S98nJPOxvTOIgsDaKc7qw0vkYLl szRQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=eKhI0skIpfD2LsAfZW9QasAKKjSkoz5772XizFNcoTw=; b=akeaGbSaqY+VeqfL6glkOD2eaHowMbJXj5QPvMdaGKXoJpK16rNMBEMNeXrn0QKBUd 6/2dmSPP+c0766mi8P/16OTqAD22rNXRsb18zMpwYIVCVNsXfFdquaEmOw7bcRnX8oF2 8/vapIt3QG3nq3mWXiMM0NHME8vyyhLGYXa2xt3Jls93rAvTTieCeeISfDUScDI+F1zK HLi3LUd/sA82E1ODP1OPSSunSMSJQBbkqkElhpC7pEeOiiSPJHRc0XDMWbMcf2ui0Zap 1ReV7jhhxqGzSBuvdgLwgP7fkyj1gTrQ7V3dZObnrPvcM1jy7YS1LsW04UvWbp9PKVjg wGgg==
X-Gm-Message-State: AOAM531/qdZ4ZeVr4iztub+vWXR1YKuQiovkMi3mmFKAREwG0hNgRk7U v7t51bULIgbxp1tl13pG0S0+tTHw8e46K6x4Um0=
X-Google-Smtp-Source: ABdhPJx0s+kTp8uCNris3qRIPDcPRQ9JtZ2MXdqYa0d3YcxpV5bcTDj3Fmctao8qdxYZAYYzYJ+dQCD8Ja38Vk6Z9tc=
X-Received: by 2002:a05:6102:215c:: with SMTP id h28mr5573623vsg.58.1607117480668; Fri, 04 Dec 2020 13:31:20 -0800 (PST)
MIME-Version: 1.0
References: <160693121881.9413.5642470305677631145@ietfa.amsl.com> <17AFD6F5-11DA-41BC-8C37-E1893648041D@isc.org> <CABcZeBPRn3aTBsApawvk_Ecyzdbi+SX9=b74y0_uhYx_Y8p-5w@mail.gmail.com> <51A61472-45D7-4133-80BC-1F470B5CBD84@isc.org> <20201204203635.GS64351@kduck.mit.edu>
In-Reply-To: <20201204203635.GS64351@kduck.mit.edu>
From: Brian Dickson <brian.peter.dickson@gmail.com>
Date: Fri, 04 Dec 2020 13:31:09 -0800
Message-ID: <CAH1iCip+MTHXvxKV_Tz6-7vYP9e-v8MxJVXNLqkPsgBM2_7njQ@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: Ondřej Surý <ondrej@isc.org>, last-call@ietf.org, draft-ietf-dnsop-server-cookies.all@ietf.org, dnsop WG <dnsop@ietf.org>, secdir@ietf.org
Content-Type: multipart/alternative; boundary="0000000000008c3ca105b5aa32df"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/8q3oqLv9VX1HXCDKPcf1Pg--IT8>
Subject: Re: [DNSOP] [secdir] Secdir last call review of draft-ietf-dnsop-server-cookies-04
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 04 Dec 2020 21:31:24 -0000

On Fri, Dec 4, 2020 at 12:39 PM Benjamin Kaduk <kaduk@mit.edu> wrote:

> Hi Ondřej,
>
> In a similar vein, you said something about the 32-bit timestamp being wide
> enough to prevent brute-force attacks.  Could you say a bit more about what
> attacks those are that are being prevented?  I'm not really seeing how the
> width of the timestamp comes into play for that concern, just from a quick
> skim of the document.  (Timestamps tend to not provide much protection
> against brute force by themselves, since time is relatively guessable,
> especially to seconds precision.)
>

I think the timestamp being used as input to the hash provides a particular
protection to brute forcing.
Since the output (hash) is a function of the input, this means that any
attempt to brute force some other element which is an input to the hash,
will be constrained by an element over which the attacker has no control.

The timestamp is a monotonically increasing (modulo 32) value, which
changes every second.
This places a time window for a brute force attack, to be of a 1 second
duration.
Alternatively, it can be considered as increasing the entropy, meaning the
brute force attempt would need to include all potential values of the
timestamp over the cookie lifetime.
I believe the 30 minutes or 1 hour lifetime adds enough entropy to
significantly increase the work required for a brute force attack.

I don't think the absolute size of the timestamp value (in bits) plays any
part here.

Brian Dickson

v2.23.0 | Report a Bug | By Email