IETF Logo Mail Archive

[DNSOP] Re: Proposal for opportunistic transport signaling from authoritative servers

Joe Abley <jabley@strandkip.nl> Tue, 24 June 2025 19:46 UTC

Return-Path: <jabley@strandkip.nl>
X-Original-To: dnsop@mail2.ietf.org
Delivered-To: dnsop@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 060B738EE65F; Tue, 24 Jun 2025 12:46:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=strandkip.nl
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EJfFsn0SdORf; Tue, 24 Jun 2025 12:46:33 -0700 (PDT)
Received: from dane.soverin.net (dane.soverin.net [185.233.34.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256)) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 2EA2538EE652; Tue, 24 Jun 2025 12:46:33 -0700 (PDT)
Received: from smtp.soverin.net (unknown [10.10.4.74]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by dane.soverin.net (Postfix) with ESMTPS id 4bRb6w377vz1HbL; Tue, 24 Jun 2025 19:46:32 +0000 (UTC)
Received: from smtp.soverin.net (smtp.soverin.net [10.10.4.100]) by soverin.net (Postfix) with ESMTPSA id 4bRb6w1FbzzHw; Tue, 24 Jun 2025 19:46:32 +0000 (UTC)
Authentication-Results: smtp.soverin.net; dkim=pass (2048-bit key; unprotected) header.d=strandkip.nl header.i=@strandkip.nl header.a=rsa-sha256 header.s=soverin1 header.b=qhe1NUbD; dkim-atps=neutral
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=strandkip.nl; s=soverin1; t=1750794392; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=z+SkJkrtjWswdewbv3Oj/PpkXXov+oPQR8UurDbcDA4=; b=qhe1NUbDEjhWTDcIGMdavGyEw0hNRPT8n36oqxw/SdZFMlxhGSCyUClMHxSyZYOaUJoTdB 07yJI0XoKUxKgbzyBqNqDiyUlegLN9cpCaYMVGpR7jSR2KhmlQApEj8jht7+V4XoM13McG y8GemkywfnZAV70DYb7h6Q4XbQKIxU8fJRJDQz3essPjkZ/Ytu9NRp1d71ExhxQt8mx3qr /2agFWu6O6tyP68Bc2ZZNX5Q83fgmK9Jek2uh/F039HIyRds3PHESu/DVzefbbpph/pws3 43HqQfUAJ3cC9eLGbhfc+554lRHx4PbEeUA41ZY+Q5o/yhXHxFQUClV3k4BFvw==
X-CM-Envelope: MS4xfFlgbpl8cT9SgDyPiGcCGquyfBpfv+hVA1uEIFzzVDuQB9/SRUzslfYKBxO9yTSQcE8MqMfi1BFHUytJuyqg3Dfmp+RGooC1DMFhxdJwCZahpwP2cgT+ qd3fwi/6ZZQ6LsBN941pfvdQd1y+2WTOYbsKgWA0IrbWvX3WhkdhZ3j1cm02bvkyAs83cLRLfDdi1YGYHMRO+eXu7PCgAAVIHUqjI/DwbI1jee2pYzGHT/IN jkO3CHHccrGT0m9HtE/8n9oajbsb4YP+kOaCCSIniSOHfwHuo48N4aZOqoM8G5+iqenA7l9psV27pTbfDqx01Yh5jvTpjvcQFS+zztRDgmId1SaLwyxGFpaw ff3pWu4GR8lzAJeMjFdisPsn71m3PwQ9mW23MJkKquz2J++qZxe5KTZ5KvFw8w2zLLPLnpfGC3yDWq73eVdHBjVm9pW2eJrXx3IBDt1flKRXiicEmc+N16sD 95qzDKQAC6HqHK1M
X-CM-Analysis: v=2.4 cv=I7afRMgg c=1 sm=1 tr=0 ts=685b0098 a=Shx4nXefAh5K8Zz3iG63Jg==:617 a=xqWC_Br6kY4A:10 a=48vgC7mUAAAA:8 a=LxecQ3_LTpP9A8T6nPcA:9 a=CjuIK1q_8ugA:10 a=PieeKOH_RVKuE9iu:21 a=_W_S_7VecoQA:10 a=QEXdDO2ut3YA:10 a=ADiJHLWpjGBBXEl7-v_j:22
Content-Type: multipart/alternative; boundary="Apple-Mail-2AC906AA-3AAF-4312-A0BC-A4AE28B56957"
Content-Transfer-Encoding: 7bit
From: Joe Abley <jabley@strandkip.nl>
Mime-Version: 1.0 (1.0)
Date: Tue, 24 Jun 2025 21:46:21 +0200
Message-Id: <CA8BCDDC-950F-4E07-B523-787C3C4769FD@strandkip.nl>
References: <DM6PR15MB236101155DF60A3C47B7138FB378A@DM6PR15MB2361.namprd15.prod.outlook.com>
In-Reply-To: <DM6PR15MB236101155DF60A3C47B7138FB378A@DM6PR15MB2361.namprd15.prod.outlook.com>
To: Ben Schwartz <bemasc=40meta.com@dmarc.ietf.org>
X-Spampanel-Class: ham
Message-ID-Hash: 6Z7BO6CJGROX475DJNSIUBTSEVDT5MF6
X-Message-ID-Hash: 6Z7BO6CJGROX475DJNSIUBTSEVDT5MF6
X-MailFrom: jabley@strandkip.nl
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Johan Stenstam <johan.stenstam@internetstiftelsen.se>, Working Group DNSOP <dnsop@ietf.org>, dns-privacy@ietf.org, Erik Bergström <erik.bergstrom@internetstiftelsen.se>, Leon Fernandez <leon.fernandez@internetstiftelsen.se>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [DNSOP] Re: Proposal for opportunistic transport signaling from authoritative servers
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/BAsQfxRIHBnbf2ixaIh2OfO1nkc>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

On 24 Jun 2025, at 21:38, Ben Schwartz <bemasc=40meta.com@dmarc.ietf.org> wrote:

> 1. An attacker could strip the SVCB record and its RRSIG, resulting in an ordinary delegation response that would be accepted and used without encryption.

True. A client that didn't find a record could query for it which would give it the ability to validate any non-existence, but that sounds like a lot of pointless queries in the situation where the majority of zones don't have this kind of thing deployed (when most referrals don't include a courtesy SVCB).

> 2. This is a child-side record, and so presumably also a child-side RRSIG, but the validator may not yet have the child's DNSKEYs.  Fetching those keys (in order to validate the transport configuration) would create additional delay before the query could be sent.

That additional delay can be amortised over the lifetime in the cache of those records needed to provide a chain of trust though. A validator is going to have to do that work at some point.  

> 3. The parent-side logic to serve this RRSIG, and the coordination channels to get it there, seem complicated.

I guess. It seems approximately as complicated as CNAME flattening which is pretty common.

> Assuming it is signed by the ZSK, this also breaks a usual rule of not having parent-side content depend on the child ZSK.

The referral can be processed without it (by using other transports) so I'm not sure it's a dependency. 

The downgrade attack seems worth thinking about. I'm not sure how much we need to care about the other things. 


Joe

v2.35.0 | Report a Bug | By Email | System Status