[DNSOP] Re: [Ext] Dnsdir last call review of draft-ietf-dnsop-rfc7958bis-03

Paul Hoffman <paul.hoffman@icann.org> Fri, 02 August 2024 00:41 UTC

Return-Path: <paul.hoffman@icann.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 12F65C14F61C; Thu, 1 Aug 2024 17:41:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mu-ZNwiNx_FR; Thu, 1 Aug 2024 17:41:56 -0700 (PDT)
Received: from ppa4.dc.icann.org (ppa4.dc.icann.org [192.0.46.77]) by ietfa.amsl.com (Postfix) with ESMTP id 83B30C14F5F5; Thu, 1 Aug 2024 17:41:56 -0700 (PDT)
Received: from MBX112-W2-CO-1.pexch112.icann.org (out.mail.icann.org [64.78.33.5]) by ppa4.dc.icann.org (8.18.1.2/8.18.1.2) with ESMTPS id 4720Xh1s014272 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 1 Aug 2024 17:33:43 -0700
Received: from MBX112-W2-CO-1.pexch112.icann.org (10.226.41.128) by MBX112-W2-CO-2.pexch112.icann.org (10.226.41.130) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.11; Thu, 1 Aug 2024 17:41:50 -0700
Received: from MBX112-W2-CO-1.pexch112.icann.org ([169.254.44.235]) by MBX112-W2-CO-1.pexch112.icann.org ([169.254.44.235]) with mapi id 15.02.1544.011; Thu, 1 Aug 2024 17:41:50 -0700
From: Paul Hoffman <paul.hoffman@icann.org>
To: Petr Špaček <pspacek@isc.org>
Thread-Topic: [Ext] Dnsdir last call review of draft-ietf-dnsop-rfc7958bis-03
Thread-Index: AQHa4z0kyPuqGRqL4UCzJvdq81Xy87ISAmEAgADcQgCAALnAgA==
Date: Fri, 02 Aug 2024 00:41:50 +0000
Message-ID: <4B662AEC-B546-4376-9945-F045F4A0B5D4@icann.org>
References: <172242543510.2137530.14005988379230936314@dt-datatracker-659f84ff76-9wqgv> <C5054E75-79B2-4BDF-BA77-60CEB6479AC2@icann.org> <a8c98c83-9af9-4c0b-baef-199e57abf96b@isc.org>
In-Reply-To: <a8c98c83-9af9-4c0b-baef-199e57abf96b@isc.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.0.32.234]
x-source-routing-agent: True
Content-Type: text/plain; charset="utf-8"
Content-ID: <F5BCEB7AE0FE3B4E9855390F2ECF2D8A@pexch112.icann.org>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16 definitions=2024-08-01_22,2024-08-01_01,2024-05-17_01
Message-ID-Hash: N25PXLYTJZLTMI7O6KOQMBE5TFZ7DZOY
X-Message-ID-Hash: N25PXLYTJZLTMI7O6KOQMBE5TFZ7DZOY
X-MailFrom: paul.hoffman@icann.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "dnsdir@ietf.org" <dnsdir@ietf.org>, "dnsop@ietf.org WG" <dnsop@ietf.org>, "draft-ietf-dnsop-rfc7958bis.all@ietf.org" <draft-ietf-dnsop-rfc7958bis.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: [Ext] Dnsdir last call review of draft-ietf-dnsop-rfc7958bis-03
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/J_oNi5RQObvE4pThbfiWwIfiFNY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

On Aug 1, 2024, at 06:37, Petr Špaček <pspacek@isc.org> wrote:
> 
> >>> snip <<< I removed the parts where we understood each other.
> 
> On 01. 08. 24 2:28, Paul Hoffman wrote:
>>>> 2.4. Converting from XML to DNSKEY Records
>>>> The published trust anchor does not provide values for DNSKEY protocol or
>>>> flags. For the purpose of this mechanism, clients can assume valid trust
>>>> anchors will be have the ZONE and SEP flag bits set to 1.
>>> I think it is extremely bad idea to ignore fields, especially Flags. There are
>>> various proposals for new DNSKEY flag usage in the DD WG.
>>> 
>>> Even if we say that DD WG will go down in flames before it produces anything I
>>> think it's_extremely_  bad idea to omit pieces of information and assume that
>>> client can reliably fill in missing pieces with constants. I would say that the
>>> missing DNSKEY fields really really must be represented explicitly. (E.g. I
>>> don't want to go down the rabbit hole of all REVOKE flag corner cases.)
>> I don't understand how the quoted text suggests that users of the zone file ignore fields or flags. Can you suggest text to fix your concern?
> 
> Specifically:
> > clients can assume valid trust anchors will be have the ZONE and SEP flag bits set to 1.
> 
> This text ignores all non-{ZONE,SEP} flags. Readers have no instruction about the _other_ flags, and in a hypothetical future, TA can conceivably have one or more of these extra flags set. E.g. a new flag for DELEG downgrade resistance which is under discussion in the DD WG. Will we need update the format again? (I think that would be wrong.)
> 
> I think absence of explicit Flags field is unnecessary shortcut which will just bite us down the road (or force document & software update).

I'm still not understanding the need here. The flags are included in the calculation for the DS record, which is mandatory in the file format.

> My proposal is to do one of:
> a) get rid of PublicKey element completely (see below)
> b) include explicit XML element with Flags - and when we are at it we can add Protocol element as well for completeness.
> 
>>> On high level I also find confusing that the new element is optional - that
>>> makes it unreliable for consumers because there are no rules for when it might
>>> or might not be present.
>> It is optional because some signing mechanisms don't automatically generate DNSKEY values. For example, the current trust anchor file only has the DS of KSK-2024 because IANA needs to make a software change to get the DNSKEY (which it will do in a few months). Other HSMs might be similar. A DS has always been sufficient; a DNSKEY would be an upgrade, but is not necessary.
> 
> A trust anchor with nonexistent DNSKEY representation is not usable in DNSSEC because nobody can validate signatures made with it, is that correct? If so, why such keys need to be represented in this format?
> 
> An alternative angle:
> Why is the new PublicKey element even needed? There's no guarantee it will be ever present which makes it unusable - no software can _rely_ on it's presence. I.e. it does not seem useful while it introduces new nasty corner cases.
> 
> Or yet another wording of the same problem:
> Under what conditions software reading file in this format _needs_ the PublicKey element and cannot do with the mandatory fields?

Some software vendors complained that they needed the full DNSKEY for the trust anchors. They could not use the file: they had to wait for the DNSKEY records to appear in the root zone. At least one of those vendors scraped the ceremony materials to find the DNSKEY to use as their trust anchor before the record appeared in the root zone.

> I find
> > It can be useful when IANA has a trust anchor that has not yet been published in the DNS root.
> too vague to justify that we need the _optional_ PublicKey element which might or might not be present, with and all the trouble it adds.

That might be true for your own implementation, but it was requested and accepted by the WG.

>>> Also there are no rules for what to do when reconstructed DS and DNSKEY don't
>>> match - which can totally happen given the half-representation we have in the
>>> current version.
>> Fully agree; we will add words to say in such a case the specific key should not be trusted.
>>> Is there implementation experience with the new format? What was the
>>> implementer feedback?
>> We have heard informally that some implementers have added the new features with no problems, but they obviously can't test it until there is a new trust anchor file from IANA, and that's waiting on the standard to be published.
> 
> Surely it can be tested with mock keys.
> 
> Is there some feedback about PublicKey field usage? Under what conditions it is needed?
> 
> aka "RFC 1925 Truth (12)".
> 
>>> TL;DR there are issues which can be addressed with smallish amendments

--Paul Hoffman