IETF Logo Mail Archive

Re: [DNSOP] AD review of draft-ietf-dnsop-multi-provider-dnssec

Shumon Huque <shuque@gmail.com> Tue, 21 January 2020 15:06 UTC

Return-Path: <shuque@gmail.com>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BD2E2120090; Tue, 21 Jan 2020 07:06:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id reyKjxGICuy4; Tue, 21 Jan 2020 07:06:09 -0800 (PST)
Received: from mail-ot1-x336.google.com (mail-ot1-x336.google.com [IPv6:2607:f8b0:4864:20::336]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6E1ED12009E; Tue, 21 Jan 2020 07:06:09 -0800 (PST)
Received: by mail-ot1-x336.google.com with SMTP id w21so3175412otj.7; Tue, 21 Jan 2020 07:06:09 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=f9qgosI4alqfOdQR6OJSmwgzDFDvAlvBk1FusddbbiU=; b=llxgr8CtQHix4j6CyyP1GVvxgmffM6jAoQs974Wtl70v4wpNkF5ars1tvOzRyBzw6X s2pUFqEAYTf0JlsoslaafY3QoV09PMuNQJZaq3K3nFnHxOedBxuFUEwjnSvxfL0ITXpj OG8iIqHU9hXiUUrh+papf4kw7gc+qEfXUWHsmTanywgmh/2JACX0/4DAgNvdoGgVhCHX IAZSKkVS8wRTOl1gCPXdTnuCuzrkpJK67ulx5/ekz/3HM542n+jKsyP9yOs9KSIgv2u9 EtdpP9U2dQwRJ1Le+qUgg3o5tg5JjccuWBEEqYw+dptyUuwv10ZzPbTTBLOIP/s+tCbe BkrA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=f9qgosI4alqfOdQR6OJSmwgzDFDvAlvBk1FusddbbiU=; b=uMrDvW+ZxrYHWA95Gy95UZzNSCWnLFPBaSUGoK68+GHMAY3P2pw1fYw9JA4vmva94i wmVJioeblVuEeiGIPlpDEchdyXZ1GoD8c8KFvcWH8qFcvUCHA+V48JHmiYL0kUT2zB5Y Oxq7KtVjlxIigKKY9Hln24U2FT5+lOoatUPghZ4bJ6ubivYba+eXNvdkpIHCRAJPnH9Q sfHMQ/1HK2S81zvjOOKGmPBSu3WAU2CIN6Nt1HNlFY8/u/Mv4j7O0pBGnZMXCP4fNVac XynnNlHSy1AEfcRdFqHs6RakI/fhmQdx+p75kBl3y/roDOo9GPDPeoU9cQYKa4IBXiKL HzXg==
X-Gm-Message-State: APjAAAWgIaQNazsAyMTKtm1b0Ma/ZQ0vfD6xOgCoCeU2x5nywdOAzmWN pBZ5Nz/AgwdOoth4kmHlGueOZY4Sryfvb2pgTLbrqg==
X-Google-Smtp-Source: APXvYqztJCjJUQd0czKixbDo3QT+8irSmG+/PAmtitZJbOmR+dFDGpV1GUOKuuWRFQC+Vow668mbMvUoMVbtYrHi9j0=
X-Received: by 2002:a9d:811:: with SMTP id 17mr4067804oty.369.1579619168523; Tue, 21 Jan 2020 07:06:08 -0800 (PST)
MIME-Version: 1.0
References: <CAHw9_iLFuSbdA2TFS4Qd2dAzDFJyJgfQGY1+T2c2JQZ3WTat_A@mail.gmail.com> <CAHPuVdUUeLx59B0SrzmFazd_rqUm1kU-ARG-LBEYa4jFQyaH3Q@mail.gmail.com> <3fb01cba-9558-531c-5764-9c34b111545b@pletterpet.nl>
In-Reply-To: <3fb01cba-9558-531c-5764-9c34b111545b@pletterpet.nl>
From: Shumon Huque <shuque@gmail.com>
Date: Tue, 21 Jan 2020 10:05:56 -0500
Message-ID: <CAHPuVdWNAJbGm=j96149Sb9gig1QuAyCXyVbsZY0BzhpP_DV3g@mail.gmail.com>
To: Matthijs Mekking <matthijs@pletterpet.nl>
Cc: "dnsop@ietf.org WG" <dnsop@ietf.org>, draft-ietf-dnsop-multi-provider-dnssec@ietf.org
Content-Type: multipart/alternative; boundary="0000000000006b9850059ca7bfc7"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/FxtGYkpcnZrlOzCpv5953kdXTNM>
Subject: Re: [DNSOP] AD review of draft-ietf-dnsop-multi-provider-dnssec
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Jan 2020 15:06:15 -0000

Hi Matthijs,

Sorry, I did miss your original note on this point. Now that I've seen it,
I'm copying back dnsop@ietf.org to see if there are other comments on your
proposal.

When the Algorithm Considerations section was originally written, I
intentionally did not prohibit the use of multiple algorithms across
providers (even though we recommended against it) for a very
pragmatic reason: I was actually working with 2 DNS providers that
supported disjoint algorithms (one RSASHA256 and the other ECDSAP256), and
was seriously contemplating deploying such a multi-signer configuration in
production. It would be a bit strange to deploy a configuration on the one
hand, and at the same time write a document that explicitly forbid that
configuration.

You mention that authoritative servers cannot simply ignore the rule that
they must sign all RRsets in the zone with every algorithm in the DNSKEY
RRset. However, in practice it is clearly being ignored. Neither .SE or .BR
double signed their zone data during their algorithm rollovers and there
are other cases.

As it turns out, the provider that only supported RSASHA256 exited the
managed DNS provider business, and the only vendors we are working with
currently all support our preferred algorithm (ECDSAP256) in common. Hence,
I am now open to updating the document to prohibit it. But will such text
cause aggravation for other potential deployers that may run into a similar
situation with other providers, and do we care?

This also begs the question: should we (in another document) update RFC
4035, Section 2 (last paragraph) to relax or eliminate the rule, if in fact
it is being ignored?

Frankly, I've always been a bit perplexed by this text, since it has no
accompanying rationale. The only compelling rationale I see is downgrade
protection - to detect that someone hasn't stripped away the signatures of
a stronger algorithm and forced a validator to authenticate only the weaker
signatures. But that implies that validators have a documented procedure to
rank algorithms, which I haven't yet seen. Is a 3072-bit RSASHA256 key
stronger or weaker than an ECDSAP256SHA256 key for example, or Ed25519 vs
ECDSAP256SHA256?

Shumon.

On Tue, Jan 21, 2020 at 3:59 AM Matthijs Mekking <matthijs@pletterpet.nl>
wrote:

> Hi Shumon,
>
> On 1/20/20 9:21 PM, Shumon Huque wrote:
> >     4: The document uses one inceanse of RFC2119 language (RECOMMENDED) -
> >     please either drop this, or add the 2119 / 8174 boilerplate.
> >
> >
> > Ok, I'm inclined to lowercase it, since we don't use 2119/8174 keywords
> > anywhere else in this document.
>
> Did you see my mail related to this? If you are going with the lowercase
> approach, please use the word "must" instead of "should".
>
> Best regards,
>
> Matthijs
>
>
> -------- Forwarded Message --------
> Subject: Re: [DNSOP] Working Group Last Call for
> draft-ietf-dnsop-multi-provider-dnssec
> Date: Mon, 13 Jan 2020 09:57:50 +0100
> From: Matthijs Mekking <matthijs@pletterpet.nl>
> To: dnsop@ietf.org
>
> Late to the party, I am sorry.
>
> I am positive about this document, and support publication. I do have
> one comment on the document, requesting an update.
>
> In section 4 it is said it is RECOMMENDED that providers use a common
> signing algorithm.  I think this is too weak and it must be a MUST.
>
> The reason given for RECOMMENDED is that the "liberal approach" works.
> The liberal approach says that authoritative zones MUST sign RRsets with
> every algorithm in the DNSKEY RRset, but validating resolvers don't have
> to enforce this requirement. However, that does not mean the
> authoritative server can simply ignore this rule.
>
> Also, if two different providers are using different algorithms, that
> means two DS records with different algorithms are distributed to the
> parent. And now the algorithm is signaled in the parent and a validator
> may execute the multiple algorithms protection check, expecting both
> chain of trusts to work.
>
> In other words, please adapt section 4 to be more strict when it comes
> to multiple algorithms. If you agree, I am happy to provide the
> suggested text.
>
> Again my apologies for bringing this up so late.
>
> Best regards,
>
> Matthijs
>

v2.23.0 | Report a Bug | By Email