IETF Logo Mail Archive

Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt

George Michaelson <ggm@algebras.org> Tue, 10 July 2018 02:10 UTC

Return-Path: <ggm@algebras.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E814130EE6 for <dnsop@ietfa.amsl.com>; Mon, 9 Jul 2018 19:10:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=algebras-org.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Zg9Ms-_wARYs for <dnsop@ietfa.amsl.com>; Mon, 9 Jul 2018 19:10:47 -0700 (PDT)
Received: from mail-wr1-x429.google.com (mail-wr1-x429.google.com [IPv6:2a00:1450:4864:20::429]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 83675130EE2 for <dnsop@ietf.org>; Mon, 9 Jul 2018 19:10:47 -0700 (PDT)
Received: by mail-wr1-x429.google.com with SMTP id r16-v6so12875081wrt.11 for <dnsop@ietf.org>; Mon, 09 Jul 2018 19:10:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=algebras-org.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=8QKt/3S83QKamdD/E9u1U4e61lzMKxoUAAS2+fCwl34=; b=R+DDfT3gAB7vZHjTXsKrOcxAgHv11kk2e4otvjVzxVfmPspLZfTB7+v4b3D7AGmNZ0 qxJbPUImiuu20S1GeF3UOrO31ttCReHCho5hcGjumIhsNOB3cb37jq40S1YHNgJduEqJ kYszIy23gFAyug3TC4+HZkcHd9gEYag/orrp3Je8ouVWaBF7OXntYyak434Ue0OMCH/t Pn2edRJEeScKupgfBGybo9G/Y5zQjOCL3ZA8X7GYPAZeDsv2kqQf6FvV8PhHPeNkVBWr V08PWoh2ctQ2PADUKLq0Uxp6WkeOqcV+pUMhYN2E/W7KiyBPHnVDWGmP3xKZmfwFfOy9 L6oA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=8QKt/3S83QKamdD/E9u1U4e61lzMKxoUAAS2+fCwl34=; b=Icl0Qu+GzbfYDSDbNhpquE11+HrouYXMEclYTX4o0ajZrDO31/+vMdKnQHyRcpsWzJ +8hI0PNvNn9fEVEtfHiC5l6XYIBj7hb0xmy4b6w7//Ym5T/VedEknB1+jcqqOwUVhhPy PVZidVUENOg9aUBdODewrEtM6wq7hm4ELAfsQ6L5tfU1I29CQqp83WE4STEairXlfM4e kn69gOnRg2BVG/gcCI94e4upft3ypyb7/5H/1wZ1LPykQfiFbW8B0KYqrqZHimj4buCN 6DVcFmqygAzIXIj00FPtR4kFThUWYJ2ETalex3KO0mjFnf16PJA77wD7uEorc1Ebf+qY IT6A==
X-Gm-Message-State: APt69E2s9fno6GetE6qZk22DhqOtUPs3YXgxeeAkFVPHpY11u8bCORok v0hfPfGYTshqJjIoeDO8TC5rFe8MNF2b2D2sNBCq5w==
X-Google-Smtp-Source: AAOMgpeLdvmiVYW+m2Vnpso2j/+/tkGDsR1x7mPbiOMBM/R0qbz0TluFnGi0q6uUJ+MA1gKpmH0PjEiq5OjBat3jbOM=
X-Received: by 2002:adf:a401:: with SMTP id d1-v6mr15494885wra.121.1531188645992; Mon, 09 Jul 2018 19:10:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a1c:12cb:0:0:0:0:0 with HTTP; Mon, 9 Jul 2018 19:10:45 -0700 (PDT)
X-Originating-IP: [203.119.0.144]
In-Reply-To: <C166C402-7814-4F76-902B-5E4B08DBE6D5@isc.org>
References: <4DCC5A51-1AB0-47B6-92B5-79B6894F9A9C@verisign.com> <CAJE_bqcELQbQeHPvvEBHOxpRyWYL76BmT_-G4jW4pTnUUXFMUw@mail.gmail.com> <27C44216-581A-4991-A739-ECE8B7F8AA35@verisign.com> <884c2d11-9db0-7668-59c9-baa8574a03f7@time-travellers.org> <37873808-8354-b26b-34f4-880ea7a5f0da@nic.cz> <e9f99fce-c240-7f23-c580-1fb8bd0a0687@time-travellers.org> <20180621203116.a7kv4ysotfe7kw5k@nic.cl> <3ba53c28-8895-b0ec-badc-7ce31a8df8fc@nic.cz> <C027F687-BE37-42D4-959B-269BA2F49837@ogud.com> <CAKr6gn0BZgKGExweF2Hawh_shZSD+WxJ460YO-mbRQjg09uo_A@mail.gmail.com> <44A2CDA4-A105-41DE-BCBC-664BCB811304@verisign.com> <CAKr6gn1ALiKPXPpi6ggwiFeLMH-b15UjfWOnMY2++SyoXoiQpQ@mail.gmail.com> <B3D78ECC-F4A8-4EE9-AC79-6B1E85C02D04@verisign.com> <CAKr6gn1hM6xrupVgOENSHna1dmVp=dVBfPTkPeSFPW6tTkFQPA@mail.gmail.com> <C166C402-7814-4F76-902B-5E4B08DBE6D5@isc.org>
From: George Michaelson <ggm@algebras.org>
Date: Tue, 10 Jul 2018 12:10:45 +1000
Message-ID: <CAKr6gn2SeAM2mCvEeWcuWkEhW2t1+eqTKH5Attcx8oKZ+DTjLQ@mail.gmail.com>
To: Mark Andrews <marka@isc.org>
Cc: "Wessels, Duane" <dwessels@verisign.com>, dnsop WG <dnsop@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/AjNzeeKyV1WSgso0RoBXFuDety4>
Subject: Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jul 2018 02:10:50 -0000

What I want is the nexus of OOB "file" form zone download and
integrity check which is cheap to implement signer and receiver.

I was on PGP. Duane has taken me to an RR which is a sequenced,
canonicalized digest, which then is under the ZSK sign of the zone.

For the root, it feels doable. For Com, nothing but a
cipher-block-chain model of intermediates is going to scale but a
single file download and integrity check was always going to fail
there.

I know you're talking in-band download: I am targetting out of band
"file" download. Its a model. It works. Its useful. The least
dependencies and easiest path is what I seek, Olafur drove to a new
keying regime and external signatures. Duane has taken me back to "you
can use what you have, if you will canonicalize the file to make the
RR for a digest"

-G

On Tue, Jul 10, 2018 at 12:01 PM, Mark Andrews <marka@isc.org> wrote:
>
>
>> On 10 Jul 2018, at 10:22 am, George Michaelson <ggm@algebras.org> wrote:
>>
>> Yea, having read things properly and been hit by a cluestick I think
>> this is good.
>>
>> * the RR is a digest over canonicalized state
>>
>> * there is a simple method to take zone, re-canonicalize (its the
>> DNSSEC order) and check the digest
>>
>> * since the RR is covered by the ZSK signing, the entire zone is
>> understood to be in the state the publisher had when they made the
>> digest.
>>
>> * if you download a zone file, with this RR, you can re-canonicalize
>> and check easily.
>>
>> You have to have a DNSSEC ta over the keys used come what may, but
>> this looks like a mechanism which given an out of band TA has no
>> in-band DNS dependency to get a zone and check a zone.
>>
>> So functionally, Duanes thing is identical in outcome to PGP signing
>> or other exterior file signatures.
>>
>> -G
>
> The problem with what is currently there is that it requires the *entire* zone to walked on every dynamic update to recompute the hash.  That has always been the primary objection to SIG(AXFR).
>
> We can do the hashing (and signing) on much smaller increments.
>
> We could sign each RRset that is not already signed (GSIG) in the zone and introduce a glue NSEC like record (GSEC) to prevent those RRsets being removed.
>
> We could hash larger collections of RRsets but smaller than a the whole zone.  That is what XSIG that I proposed earlier does.  It hashes the currently unsigned zone data and prevents its removal from the zone.  I don’t care if it is XSIG or XHASH which is then signed.  Mathematically they are the same.  This mechanism works with OPTOUT and NSEC3 as well as NSEC but does require the unsigned delegations to be hashed if enabled.
>
> Mark
>
>
>
>> On Tue, Jul 10, 2018 at 10:05 AM, Wessels, Duane <dwessels@verisign.com> wrote:
>>> George,
>>>
>>>
>>>> On Jul 9, 2018, at 4:36 PM, George Michaelson <ggm@algebras.org> wrote:
>>>>
>>>> There's arguments both sides about cross signing, counter signing and
>>>> independent self-signing. If you want to promote out of band zone
>>>> exchange, it has to be signed. The key it signs with is immaterial if
>>>> you either direct knowledge of the PK in a PKI, or accept a trust
>>>> anchor relationship over it, or a web of trust.
>>>
>>> I'm not here to promote out-of-band distribution, but I think its going
>>> to happen (especially for the root zone) and I want something that works
>>> just as well for in- and out-of-band distribution.
>>>
>>> I think it makes sense that name server software, whether recursive or
>>> authoritative, can use a technique like this to verify zone data, whether
>>> it is loaded from disk or received over the network.
>>>
>>> The key may be immaterial, but I think the barrier to implementation is
>>> much lower if it can be done with what we already have (DNSSEC) rather than
>>> having to drag something like PGP in.
>>>
>>>
>>>
>>>> So do you prefer (for instance) that the ZSK be used outside of DNSSEC
>>>> to sign a detached signature over the file, irrespective or content
>>>> order, if the file is to be made available?
>>>
>>> Sorry I don't quite follow.  What we're suggesting is not a signature over
>>> the file/data, but a hash over the data, which in turn can be signed.
>>>
>>>> Because if you basically
>>>> prefer its *not signed* for this mode of transfer, you've stepped
>>>
>>> For me the mode of transfer is irrelevant.  My goal is to secure the data,
>>> not the transfer.
>>>
>>>> outside the model: you now demand the file is checked on load, element
>>>> by element, against the TA, rather than being integrity checked by a
>>>> MAC signed by the issuer, which permits eg direct binary loadable, or
>>>> other states.
>>>
>>> We're not demanding anything (MAY/SHOULD vs MUST) but what we propose is, as
>>> you say, MAC signed by the issuer.
>>>
>>> DW
>>>
>>>
>>>>
>>>> -G
>>>>
>>>> On Tue, Jul 10, 2018 at 7:47 AM, Wessels, Duane <dwessels@verisign.com> wrote:
>>>>>
>>>>>> On Jul 8, 2018, at 6:02 PM, George Michaelson <ggm@algebras.org> wrote:
>>>>>>
>>>>>> So how about use of a PGP key which is a payload in TXT signed over by
>>>>>> the ZSK/KSK so the trust paths bind together?
>>>>>>
>>>>>> fetch one DNS record +sigs, check against the TA (which has to be a
>>>>>> given) and then..
>>>>>
>>>>> Currently in the zone digest draft DNSSEC is not mandatory.  That is, the zone
>>>>> needn't necessarily be signed and a receiver need not perform the validation if
>>>>> they don't want to.
>>>>>
>>>>> Even without DNSSEC the digest gives you a little protection from accidental corruption.  But not from malicious interference of course.
>>>>>
>>>>> It seems kind of silly to me to double up on public key cryptosystems.  We already have keys attached to zones and software that generates and validates signatures.
>>>>>
>>>>> DW
>>>>>
>>>
>>
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742              INTERNET: marka@isc.org
>

v2.23.0 | Report a Bug | By Email