Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt

Ondřej Surý <ondrej@isc.org> Thu, 26 July 2018 03:47 UTC

Return-Path: <ondrej@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 18579130E73 for <dnsop@ietfa.amsl.com>; Wed, 25 Jul 2018 20:47:17 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.921
X-Spam-Level:
X-Spam-Status: No, score=-5.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.979, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pUmRiylKo3ld for <dnsop@ietfa.amsl.com>; Wed, 25 Jul 2018 20:47:14 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1B1E9130E9E for <dnsop@ietf.org>; Wed, 25 Jul 2018 20:47:14 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 532D33AB040; Thu, 26 Jul 2018 03:47:13 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 3FD22160047; Thu, 26 Jul 2018 03:47:13 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 2B097160053; Thu, 26 Jul 2018 03:47:13 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id uVOW97wodQLs; Thu, 26 Jul 2018 03:47:13 +0000 (UTC)
Received: from [10.10.0.181] (40.20.broadband5.iol.cz [88.100.20.40]) by zmx1.isc.org (Postfix) with ESMTPSA id 1E561160047; Thu, 26 Jul 2018 03:47:11 +0000 (UTC)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.17\))
From: =?utf-8?B?T25kxZllaiBTdXLDvQ==?= <ondrej@isc.org>
In-Reply-To: <4DCC5A51-1AB0-47B6-92B5-79B6894F9A9C@verisign.com>
Date: Thu, 26 Jul 2018 05:47:08 +0200
Cc: dnsop <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6FFED142-0752-40FD-AF5C-7E9D6617DC03@isc.org>
References: <4DCC5A51-1AB0-47B6-92B5-79B6894F9A9C@verisign.com>
To: "Weinberg, Matt" <mweinberg=40verisign.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3445.100.17)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/JiKtbmkJkLr-flPUmJ_hXAa-ths>
Subject: Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2018 03:47:17 -0000

Hi Matt, and other authors,

with my cryptoplumber[1] hat, I am strongly opposed to using SHA-1 and GOST R 34.11-94 for ZONEMD.

It is my understanding, that the specific usage of hashing function in the DS record improves the collision
resistance of the algorithm, because the input data is so small and it has to be a valid DNSKEY record[2].

For ZONEMD, this isn’t true, as you can (in theory) feed the zone with infinite amount of non-DNSSEC-signed
data (GLUEs, delegations) thus making the collision attack feasible.

Thus I believe, the Section 2.1.2 must be changed to disallow usage of algorithms with weakened collision
resistance (and algorithms deprecated by the Russians themselves :). It wouldn’t be enough just to discourage
SHA-1 for creating the ZONEMD, but it needs to be forbidden to use it for validating such record.
I think that new IANA table for ZONEMD must be established, because the security properties of the algorithm
usage are different in DS and ZONEMD records.

Thanks,
Ondrej

1. I would be happy if any real cryptographer would chime in.

2. It doesn’t have to be valid DNSKEY if you just want to cause ruckus, but if you are able to inject invalid DS
    records, you might as well cause damage at other levels of the DNS tree.

--
Ondřej Surý
ondrej@isc.org

> On 23 May 2018, at 17:32, Weinberg, Matt <mweinberg=40verisign.com@dmarc.ietf.org> wrote:
> 
> Greetings dnsop,
> 
> We’ve posted a new version of draft-wessels-dns-zone-digest.  Of note, this -01 version includes the following changes:
> 
> 	• Warren Kumari and Wes Hardaker have been added as coauthors.
> 	• Several points of clarification in wording and descriptions.
> 	• Removed the requirement to sort by RR CLASS.
> 	• Added a Change Log section.
> 
> Warren and Wes had started on a very similar but unpublished draft, which we should've remembered.  Thanks to them for agreeing to join this document as coauthors.
> We plan to ask for time on the dnsop agenda in Montreal.  Your feedback is welcome and appreciated.    
> 
> Thanks.
> 
> ----
> 
>    A new version of I-D, draft-wessels-dns-zone-digest-01.txt
>    has been successfully submitted by Matt Weinberg and posted to the
>    IETF repository.
> 
>    Name:		draft-wessels-dns-zone-digest
>    Revision:	01
>    Title:		Message Digest for DNS Zones
>    Document date:	2018-05-17
>    Group:		Individual Submission
>    Pages:		13
>    URL:            https://www.ietf.org/internet-drafts/draft-wessels-dns-zone-digest-01.txt
>    Status:         https://datatracker.ietf.org/doc/draft-wessels-dns-zone-digest/
>    Htmlized:       https://tools.ietf.org/html/draft-wessels-dns-zone-digest-01
>    Htmlized:       https://datatracker.ietf.org/doc/html/draft-wessels-dns-zone-digest
>    Diff:           https://www.ietf.org/rfcdiff?url2=draft-wessels-dns-zone-digest-01
> 
>    Abstract:
>       This document describes a protocol and DNS Resource Record used to
>       provide a message digest over DNS zone data.  In particular, it
>       describes how to compute, sign, represent, and use the message digest
>       to verify the contents of a zone for accuracy and completeness.  The
>       ZONEMD Resource Record type is introduced for conveying the message
>       digest data.
> 
> 
> 
> 
>    Please note that it may take a couple of minutes from the time of submission
>    until the htmlized version and diff are available at tools.ietf.org.
> 
>    The IETF Secretariat
> 
> 
> 
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop