Re: [DNSOP] Fwd: New Version Notification for draft-sury-toorop-dns-cookies-algorithms-00.txt

Bob Harold <rharolde@umich.edu> Thu, 14 March 2019 14:21 UTC

Return-Path: <rharolde@umich.edu>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 94392130EA4 for <dnsop@ietfa.amsl.com>; Thu, 14 Mar 2019 07:21:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umich.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vwL0VCfnlCx8 for <dnsop@ietfa.amsl.com>; Thu, 14 Mar 2019 07:21:18 -0700 (PDT)
Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 232D6130E95 for <dnsop@ietf.org>; Thu, 14 Mar 2019 07:21:17 -0700 (PDT)
Received: by mail-lj1-x233.google.com with SMTP id y9so4712300ljk.6 for <dnsop@ietf.org>; Thu, 14 Mar 2019 07:21:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umich.edu; s=google-2016-06-03; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=E6ewucrqNOn+iJkNnw3+6q00Ci6aTXmQg6QSeW6Cvlg=; b=eMrDq8Yi0bZxPrZZIFB9LF3w8ygbqlSClQXg+2xrv5KErN9TfvxiNCEXwtASwYqSY7 xyztkP4JO2OgEmg4dJ4qY3e5dS++FBuKUgYqIkm8Mu50qZIDt9vWt7ettMOXFSMLx185 gdWTGF2LqUQIpZhtoeutNTBH18m3jPrYAzNmqb67bo0B7erGp7gkp6LxAo+Bwh/8KerT czb6sEAhL+tO/GLWtAt+JVrFRMD2p9snBp86Tg+To+GjDs7y/jLOgddXJbUu6L7ane7E d9q52Yo5w74K5mSDnPLPZhiPoC03UfCcvWD9bHI7d4BcLWZl08HJJnGI0HUnoKTO1KGX ovEw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=E6ewucrqNOn+iJkNnw3+6q00Ci6aTXmQg6QSeW6Cvlg=; b=rxQFtw92aqbaLRY6NCUWWyWnyIiMsJxmGIET1TeVYqV9xjZ9j15LJHx9auKE56SE8t VYSeAdsNW4zNZ59G4WcKDDdNf76zppxUQuqIhWoKRlQ/rJOD55H8SWrrbkFhhSrPUxi1 0e1Mq9DRJucS8W6u1dMUpoUMRUHGo2v2nyOOmsXrge8zSdITiH0pFxY6aszPBc0WeGr+ ZngltkRkMu6M2xsXGssugMWu3tAjcqlh77N/DWBH4ZuJ1BoNGRQ9ByCULtHu2oRyGMmh aesnz3ngfVSLtWkq6FBTt9yQdeI551KlT+gg6MlFCa264/yit5KeJMVk1fFXvRLCIzSt T8zA==
X-Gm-Message-State: APjAAAWZwo8sNpW5vymP/mZChMxGCwvesqoPFhfHtHE1u+/g3l1EK7AT gjh5V1BMJa/eGgj0ilKrxxTvIit5LOuFjqof8SgHDRS16fY=
X-Google-Smtp-Source: APXvYqxwin8IXoGizr4wHMAGLFsiI2o7cIX3nFb/070LQ4/WGtiwm0r2t7+i6pOYtCbp8YarlSONDqan4aReMIR9OrI=
X-Received: by 2002:a2e:9dda:: with SMTP id x26mr26547805ljj.53.1552573276000; Thu, 14 Mar 2019 07:21:16 -0700 (PDT)
MIME-Version: 1.0
References: <155232074470.23098.423370236233432374.idtracker@ietfa.amsl.com> <5ea56c94-5462-ac44-462f-0f0e0a435e5e@nlnetlabs.nl>
In-Reply-To: <5ea56c94-5462-ac44-462f-0f0e0a435e5e@nlnetlabs.nl>
From: Bob Harold <rharolde@umich.edu>
Date: Thu, 14 Mar 2019 10:21:04 -0400
Message-ID: <CA+nkc8B-zr6SPTFu7hm8AAFdcABUGXGgyWA70P0wR2BS+j6Mng@mail.gmail.com>
To: Willem Toorop <willem@nlnetlabs.nl>
Cc: IETF DNSOP WG <dnsop@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000009aaf9805840ea2b0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/JdsBIShLgkgSa61VTa1QVFK4_K4>
Subject: Re: [DNSOP] Fwd: New Version Notification for draft-sury-toorop-dns-cookies-algorithms-00.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 14 Mar 2019 14:21:22 -0000

On Tue, Mar 12, 2019 at 7:29 AM Willem Toorop <willem@nlnetlabs.nl>; wrote:

> Dear DNSOP,
>
> A new draft has been submitted addressing the issue of DNS Cookies in
> multi-vendor anycast deployments.
>
> DNS Cookies are currently impractical in such deployments, because one
> implementation - even though it shares its secret with another
> implementation - cannot validate the Server Cookies constructed by that
> other implementation, because their methods for constructing Server
> Cookies differ.
>
> This draft provides precise directions for creating Server Cookies to
> align the implementations.  In doing so, this draft introduces a
> registry for functions suitable for Cookie construction.  More
> specifically, FNV and HMAC-SHA-256-64 are obsoleted and SipHash-2.4 is
> introduced as a suitable function.
>
> Willem
>
> -------- Forwarded Message --------
> Subject: New Version Notification for
> draft-sury-toorop-dns-cookies-algorithms-00.txt
> Date: Mon, 11 Mar 2019 09:12:24 -0700
> From: internet-drafts@ietf.org
> To: Willem Toorop <willem@nlnetlabs.nl>;, Ondrej Sury <ondrej@isc.org>;
>
>
> A new version of I-D, draft-sury-toorop-dns-cookies-algorithms-00.txt
> has been successfully submitted by Willem Toorop and posted to the
> IETF repository.
>
> Name:           draft-sury-toorop-dns-cookies-algorithms
> Revision:       00
> Title:          Algorithms for Domain Name System (DNS) Cookies
> construction
> Document date:  2019-03-11
> Group:          Individual Submission
> Pages:          7
> URL:
>
> https://www.ietf.org/internet-drafts/draft-sury-toorop-dns-cookies-algorithms-00.txt
> Status:
> https://datatracker.ietf.org/doc/draft-sury-toorop-dns-cookies-algorithms/
> Htmlized:
> https://tools.ietf.org/html/draft-sury-toorop-dns-cookies-algorithms-00
> Htmlized:
>
> https://datatracker.ietf.org/doc/html/draft-sury-toorop-dns-cookies-algorithms
>
>
> Abstract:
>    [RFC7873] left the construction of Server Cookies to the discretion
>    of the DNS Server (implementer) which has resulted in a gallimaufry
>    of different implementations.  As a result, DNS Cookies are
>    impractical to deploy on multi-vendor anycast networks, because the
>    Server Cookie constructed by one implementation cannot be validated
>    by another.
>
>    This document provides precise directions for creating Server Cookies
>    to address this issue.  Furthermore, [FNV] is obsoleted as a suitable
>    Hash function for calculating DNS Cookies.  [SipHash-2.4] is
>    introduced as a new REQUIRED Hash function for calculating DNS
>    Cookies.
>
>    This document updates [RFC7873]
>

This document looks useful, but I have a concern:

2. Constructing a Client Cookie

"If a secure pseudorandom
function (like SipHash24) is used there's no need to change Client
secret periodically and change the Client secret only if it has been
compromised."

3. Constructing a Server Cookie

"The Server Cookie is not required to be changed periodically if a
secure pseudorandom function is used."

I am not a cryptography expert, but the above sounds like the Client secret
and Server Cookie could be left forever without changing them, which seems
like a bad idea. And how would one know "if it has been compromised"?
Please explain.

I you meant "change every few years instead of hourly", then please say
that.

-- 
Bob Harold