[DNSOP] Re: New draft on collision free key tags in DNSSEC
Petr Špaček <pspacek@isc.org> Wed, 31 July 2024 13:29 UTC
Return-Path: <pspacek@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6D90C151069 for <dnsop@ietfa.amsl.com>; Wed, 31 Jul 2024 06:29:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isc.org header.b="aXidXi9W"; dkim=pass (1024-bit key) header.d=isc.org header.b="fOKXAJp7"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BbsocEywCdPV for <dnsop@ietfa.amsl.com>; Wed, 31 Jul 2024 06:29:03 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.2.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0A29C14F5FE for <dnsop@ietf.org>; Wed, 31 Jul 2024 06:29:03 -0700 (PDT)
Received: from zimbrang.isc.org (zimbrang.isc.org [149.20.2.31]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id D19923AB287 for <dnsop@ietf.org>; Wed, 31 Jul 2024 13:29:02 +0000 (UTC)
ARC-Filter: OpenARC Filter v1.0.0 mx.pao1.isc.org D19923AB287
Authentication-Results: mx.pao1.isc.org; arc=none smtp.remote-ip=149.20.2.31
ARC-Seal: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1722432542; cv=none; b=JBBQbXRmGKd/jY4rF36baTpmMcx2M0tP/05IoauYtBhkVaPIpPMBC7UfH1sRLgzM3Ro1tMVbWN3hVk3+XWGhi2jMmbttfwUbGJz9pjPpyUarH5nZKvBzjx421oVdAjPFbRLkPkioff37aPhWD+QYwIV1vvdL2dqmCnwyNgWQFAc=
ARC-Message-Signature: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1722432542; c=relaxed/relaxed; bh=8B518S2ZqlBhwEC5s/0NK3BelCEmRu/9tNeNbmNT3Bw=; h=DKIM-Signature:DKIM-Signature:Message-ID:Date:MIME-Version: Subject:To:From; b=AYx+CVvs/KAM4EWIyYF/IGMwabndwNJYqpVdOQS/FlcrWDNRrslcFeQg5lXJiwLHi2PDil5Yzubt/7i63tOzc1L4FtVkOwd6XvZaNENn6EZvu9T+1+B3US1fg0I/JKrZ9oCE7OEN2x8awHkcwPoTdlnc8zwQICFWNmBv+2AKlXM=
ARC-Authentication-Results: i=1; mx.pao1.isc.org
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.pao1.isc.org D19923AB287
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1722432542; bh=8B518S2ZqlBhwEC5s/0NK3BelCEmRu/9tNeNbmNT3Bw=; h=Date:Subject:To:References:From:In-Reply-To; b=aXidXi9WU2OCXsvQcSD1V1OhZW2JKoC6FlB3toJKAAlhlpL8ILEpZb85lR7mH/ohE q9D5DsJDW8mztoz+BTLgsOQdj7RS/hss0uprLqyvDrPjSIGabcO0xjpRl1mjpvVVOU Yj+znU2BpwZelxhmAKRY8XwY8wBGtJLilrmgp6o0=
Received: from zimbrang.isc.org (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTPS id CD8B2114D0C6 for <dnsop@ietf.org>; Wed, 31 Jul 2024 13:29:02 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTP id AD5D9114D11B for <dnsop@ietf.org>; Wed, 31 Jul 2024 13:29:02 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 zimbrang.isc.org AD5D9114D11B
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1722432542; bh=8B518S2ZqlBhwEC5s/0NK3BelCEmRu/9tNeNbmNT3Bw=; h=Message-ID:Date:MIME-Version:To:From; b=fOKXAJp7N/+RY1MLy3VRVK1HYI9KSiiHPZIjftPO+YDkOzfEnU4UWiMO9zkcfMpR0 Wm+wZ9GZr5mkHOf1QTyIJL+TdQSdRCe5tS+T0KYq3beD2XOEA8q6J6PW3IUnPb6YPd MdRlBPbc3U7oEAn5lSHYDIdHHPeMgBhy9sWVuWBM=
Received: from zimbrang.isc.org ([127.0.0.1]) by localhost (zimbrang.isc.org [127.0.0.1]) (amavis, port 10026) with ESMTP id YMIEYD4x2Skb for <dnsop@ietf.org>; Wed, 31 Jul 2024 13:29:02 +0000 (UTC)
Received: from [192.168.0.131] (94-143-239-125.chrudim.cz [94.143.239.125]) by zimbrang.isc.org (Postfix) with ESMTPSA id 4E032114D0C6 for <dnsop@ietf.org>; Wed, 31 Jul 2024 13:29:02 +0000 (UTC)
Message-ID: <db4ce7d8-4956-4c59-b396-c564f513f19b@isc.org>
Date: Wed, 31 Jul 2024 15:29:00 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: dnsop@ietf.org
References: <CAHPuVdUveYraaGtrGveKTiLgP1L19G6g6=bsKsHjsPsP5fkiXg@mail.gmail.com> <774ab370-5d66-4c0d-b0a4-6d9e9cec2549@nic.cz>
From: Petr Špaček <pspacek@isc.org>
Content-Language: en-US
Autocrypt: addr=pspacek@isc.org; keydata= xsFNBF/OJ/4BEAC0jP/EShRZtcI9KmzVK4IoD/GEDtcaNEEQzPt05G8xtC0P4uteXUwW8jaB CdcKIKR4eUJw3wdXXScLNlyh0i+gm5mIvKPrBYNAMOGGnkbAmMQOt9Q+TyGeTSSGiAjfvd/N nYg7L/KjVbG0sp6pAWVORMpR0oChHflzKSjvJITCGdpwagxSffU2HeWrLN7ePES6gPbtZ8HY KHUqjWZQsXLkMFw4yj8ZXuGarLwdBMB7V/9YHVkatJPjTsP8ZE723rV18iLiMvBqh4XtReEP 0vGQgiHnLnKs+reDiFy0cSOG0lpUWVGI50znu/gBuZRtTAE0LfMa0oAYaq997Y4k+na6JvHK hhaZMy82cD4YUa/xNnUPMXJjkJOBV4ghz/58GiT32lj4rdccjQO4zlvtjltjp9MTOFbRNI+I FCf9bykANotR+2BzttYKuCcred+Q7+wSDp9FQDdpUOiGnzT8oQukOuqiEh3J8hinHPGhtovH V22D0cU6T/u9mzvYoULhExPvXZglCLEuM0dACtjVsoyDkFVnTTupaPVuORgoW7nyNl0wDrII ILBqUBwzCdhQpYnyARSjx0gWSG1AQBKkk5SHQBqi1RAYC38M59SkpH0IKj+SaZbUJnuqshXh UIbY1GMHbW/GDhz7pNQFFYm2S4OPUBcmh/0O0Osma151/HjF7wARAQABzR9QZXRyIMWgcGHE jWVrIDxwc3BhY2VrQGlzYy5vcmc+wsGXBBMBCABBAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B AheAAhkBFiEEEVO2++xeDVoSYmDzq9WHzfBlga4FAmWT+REFCQelsxMACgkQq9WHzfBlga7y 2Q//Ug58UI9mlnD/guf9mHqpJIMrBs/vX8HlzylsDcZUBTp2TJpzNh/CygPWrHY+IvA9I9+t Ygp0sB+Z9OtVZgW3bpWJ0iWe6N89Q0kwOuhJ75LsfR1V73L5C826M6bLQjYTj6HiwS9Nf+N0 jADhEV/p1KtCuZfwBkYJ4ZM+Na0zWerGPkGw9T9O0gfs0ePehzJ5V0OK0nCqMuC1h8o/rhCb vRCmxdAbNjrOrgKa7HN5DadP/tKstJMM09aXlT5q96fRIyCQyqXQoCrijCWvgAxgjABdh1TB /XsYvBC8+4wy5ZBtTcnxXGrMhrSxU2/vIK6RjDju7OIRClMNepEzvt0gNzxwwxIXVOzl5ioC i/Okovk1rZneFFxbVvaMyIJgY/hShJV7Ei+5S9UZUv6UUmRQ6zukeiSVZrtXs6fWLVlUnBDl Cv/fXi25hrymqNfPSBSB0tyc6YepR1Rq9omTni6DYmEHQuhPMHJ2fuiNNyBaH+9EI7go5e0J LvXVLJGXkMdTcmYHja1pDjmQ1K71gewfPWGFmn0JTa92GuZJaR/4MVePvoV0NTpCP0HiKIg5 0+AOdpvkJReFKTQOX08SwkUkgvy9h9WjBMpD5ymMs4gjJwXtcT1+aVtj9Xcw6tQde9Yyjxde a6UZ3TUfys8qZ8ZKmMKTaCUFukKzWDJMZ91V1b/OwU0EX84n/gEQANARNXihDNc1fLNFZK5s O14Yg2TouK9eo9gGh4yLSrmZ3pjtnuJSpTWmGD4g0EYzhwWA/T+CqjUnrhsvzLQ1ECYVqLpM VqK2OJ9PhLRbx1ITd4SKO/0xvXFkUqDTIF6a5mUCXH5DzTQGSmJwcjoRv3ye+Z1lDzOKJ+Qr gDHM2WLGlSZAVGcUeD1S2Mp/FroNOjGzrFXsUhOBNMo8PSC4ap0ZgYeVBq5aiMaQex0r+uM4 45S1z5N2nkNRYlUARkfKirqQxJ4mtj5XPC/jtdaUiMzvnwcMmLAwPlDNYiU0kO5IqJFBdzmJ yjzomVk1zK9AYS/woeIxETs+s6o7qXtMGGIoMWr6pirpHk4Wgp4TS02BSTSmNzParrFxLpEU dFKq3M0IsBCVGvfNgWL2pKKQVq34fwuBhJFQAigR9B3O9mfaeejrqt73Crp0ng0+Q74+Llzj EIJLOHYTMISTJyxYzhMCQlgPkKoj+TSVkRzBZoYFkUt4OXvlFj73wkeqeF8Z1YWoOCIjwXH9 0u2lPEq0cRHHyK+KSeH1zQJ4xgj0QDGPmkvi81D13sRaaNu3uSfXEDrdYYc+TSZd2bVh2VCr xrcfzQ1uz9fsdC9NPdNd7/mHvcAaNc5e9IhNh67L54aMBkzlJi18d0sWXOOHkyLSvbHnC/OP wv7qCf69PUJmtoeHABEBAAHCwXwEGAEIACYCGwwWIQQRU7b77F4NWhJiYPOr1YfN8GWBrgUC ZZP5UgUJB6WzVAAKCRCr1YfN8GWBrgxpD/949Tz7EtrE9e2yJ4np+y7uW8EDusVM3QsBdkYk yaQTupITew8WWQtNF/QK/MKRi+e/382t78nBq+T7G9PrRi7E4WS9dXdgJiFz25h3mC4TABJZ b6MLcEreLWTaqnR/D6F3AnNXh7GJFY4E6PAwC60W0R9G6R0E+2XeZX011NEGiBMvgZnqzzjU L9h8Gz7a/EsQync4cvLbruPt/UaOV0khKTefsOFj3q3wLY6qN2qw7HfgFRBCh6ME2XRvnwAd iv0pF4HRbXoFalkAsNEYkWQ6mkJjdYCHOWm3TWqXhalgGKqIOrQyMpH2mJpZllKBQiBiQMUz qz0cO9OqBk3xvNLplI3VNcC0WeQ8LEqyYKth2T78hVaIw8K0IcVmZQwXVxL03gojaJ5bK2O+ 2FfqKMcIiU+bqaTXntx+FYRQKblsUBYD77uU9sPVyKWIiHvukLTx7GY1ttn6gZDSIek/tTR7 oaei+xLh5JUgZpMZ4JHnirDWHbrJzYN95e8HWA/+qAOTsa+igZGsc6yA1oJIAnCwkclcLAgc x3GVVeEL+/b9CugZ+1OfbxlRK7gAeu0kyKiEXrUvCQPnPByIIfj4I4IvZO4552cmmnbn31f9 X/9nw+M4qAqOK7bRg65ucv71TayUehNJrfJSYx6P1tXIwzu19tIgtdWTcsszNWALfaUFtg==
In-Reply-To: <774ab370-5d66-4c0d-b0a4-6d9e9cec2549@nic.cz>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: VXH3Y2VFAGQAQKU7UFHGMCRXQVPZGS5F
X-Message-ID-Hash: VXH3Y2VFAGQAQKU7UFHGMCRXQVPZGS5F
X-MailFrom: pspacek@isc.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: New draft on collision free key tags in DNSSEC
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/EDTD12wZu5CesVeQpcmss5ookXI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
On 30. 07. 24 9:41, libor.peltan wrote: > 2) I would still vote for allowing one keytag collision per zone (not > per whole chain-of-trust, like Bind does) instead of none. This would be > more comfortable for many older/simpler signers and not too much > additional work for validating resolvers, IMHO. Per-zone limit does not defend against resource exhaustion because an attacker can construct chain of delegations a.b.c.d.e...... and max out limit on each level. Then you instantly get about 126*(per-zone limit on validations) just for this particular attack vector. > 3) The idea of imposing the limit at first on new algorithms seems > reasonable -- new algos mean new software which can easily adhere to new > rules. However, we are in the situation that in fact, the existing > resolvers already impose such (or very similar) limits on existing > algorithms. So the document stating the requirement for auths/signer > actually comes retrospectively, and I see no point in using this > conservative enforcement strategy. Anyway, it can realistically take > decades before any new algorithms seize some good portion of DNSSEC. In > other words, that flag day has already silently passed. I agree with the angle that silent flag day has happened already. It's just undocumented (in form of RFC). > 4) It would look prettier if the document mentions also rules/preactices > for validating resolvers. Stating what the validator should do (and what > it must not do) when observing a tiny or a huge keytag collision. > > 5) I agree with Vladimir that keytag collision is just a small piece of > the whole problematic of DNSSEC validator resource consumption. I'm not > sure if it's wise to start with this single piece in one document, or > working on a more covering document, exploring it all. But it's always > useful if we somehow document the limits for signers and validators, so > that they can interoperate smoothly. The goal is to prevent surprises > when the signer signs somehow, and various validators do and don't > validate due to imposing unexpected limits. This is what we should do! I agree with both of you. This is very small piece of the puzzle and IMHO not worth a standalone document - the overhead is too large. I could see value in a document "here's list of ideas to think about if you are trying to defend against resource exhaustion" - in DNSSEC and DNS in general. - RRSIG validation vs. state explosion - adversarial DNSKEY values (e.g. RSA gives plenty of leeway) - DS matching & validation - NSEC3 iterations, NSEC3 with many labels, wildcards, chains ... - trivial random subdomain attack into a signed domain - SIG(0) flood - CNAME/HTTPS/additional processing limits - five different ways to misuse delegation and CNAMEs - lots of out of bailiwick NS names - RD=0 non-compliance - query coalescing misuse ... - ... My two cents. Petr Špaček Internet Systems Consortium > Dne 26. 07. 24 v 2:34 Shumon Huque napsal(a): >> Folks, >> >> For discussion ... >> >> Mark Andrews, Elias Heftrig, and I have a new draft on collision free >> key tags in DNSSEC. This topic has been in the air since the Keytrap >> vulnerability disclosure -- and IETF120 hallway track conversations >> this week prompted us to write up a rough initial proposal for this. >> Will need much more fleshing out of details etc, but we hope this can >> serve as a starting point ... >> >> https://datatracker.ietf.org/doc/html/draft-huque-dnsop-keytags-00 >> >> Shumon, Mark, Elias
- [DNSOP] New draft on collision free key tags in D… Shumon Huque
- [DNSOP] Re: [Ext] New draft on collision free key… Paul Hoffman
- [DNSOP] Re: [Ext] New draft on collision free key… Yorgos Thessalonikefs
- [DNSOP] Re: [Ext] New draft on collision free key… Shumon Huque
- [DNSOP] Re: [Ext] New draft on collision free key… Yorgos Thessalonikefs
- [DNSOP] Re: [Ext] New draft on collision free key… Paul Wouters
- [DNSOP] Re: [Ext] New draft on collision free key… Paul Wouters
- [DNSOP] Re: [Ext] New draft on collision free key… Yorgos Thessalonikefs
- [DNSOP] Re: [Ext] New draft on collision free key… Shumon Huque
- [DNSOP] Re: [Ext] New draft on collision free key… John Levine
- [DNSOP] Re: [Ext] New draft on collision free key… John R Levine
- [DNSOP] Re: [Ext] New draft on collision free key… John Levine
- [DNSOP] Re: New draft on collision free key tags … Edward Lewis
- [DNSOP] Re: [Ext] New draft on collision free key… Edward Lewis
- [DNSOP] Re: [Ext] New draft on collision free key… Mark Andrews
- [DNSOP] Re: [Ext] New draft on collision free key… Mark Andrews
- [DNSOP] Re: [Ext] New draft on collision free key… John R. Levine
- [DNSOP] Re: [Ext] New draft on collision free key… Olafur Gudmundsson
- [DNSOP] Re: [Ext] New draft on collision free key… Paul Wouters
- [DNSOP] Re: New draft on collision free key tags … Vladimír Čunát
- [DNSOP] Re: New draft on collision free key tags … libor.peltan
- [DNSOP] Re: New draft on collision free key tags … Petr Špaček
- [DNSOP] Re: New draft on collision free key tags … Vladimír Čunát
- [DNSOP] Re: New draft on collision free key tags … Vladimír Čunát
- [DNSOP] Re: New draft on collision free key tags … Petr Špaček
- [DNSOP] Re: New draft on collision free key tags … Paul Wouters
- [DNSOP] Re: New draft on collision free key tags … libor.peltan
- [DNSOP] Re: New draft on collision free key tags … Peter Thomassen