[DNSOP] Re: IDKEY and Keytrap
Mark Andrews <marka@isc.org> Tue, 23 July 2024 20:15 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 80149C1D4A7F for <dnsop@ietfa.amsl.com>; Tue, 23 Jul 2024 13:15:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.407
X-Spam-Level:
X-Spam-Status: No, score=-4.407 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isc.org header.b="F1R5rZ4X"; dkim=pass (1024-bit key) header.d=isc.org header.b="anPicSeR"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0ePoIWQd_4wF for <dnsop@ietfa.amsl.com>; Tue, 23 Jul 2024 13:15:44 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.2.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 80978C1840E1 for <dnsop@ietf.org>; Tue, 23 Jul 2024 13:15:44 -0700 (PDT)
Received: from zimbrang.isc.org (zimbrang.isc.org [149.20.2.31]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id 2D86D3AB274; Tue, 23 Jul 2024 20:15:44 +0000 (UTC)
ARC-Filter: OpenARC Filter v1.0.0 mx.pao1.isc.org 2D86D3AB274
Authentication-Results: mx.pao1.isc.org; arc=none smtp.remote-ip=149.20.2.31
ARC-Seal: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1721765744; cv=none; b=COYQRNKfikWJ5FnLDebdX0eW0zxrXou+t+lKISt0r3zVxOcunEY9Ml2tAxQlI+1wEbrzrs9IfQ88dcUz3NXdLxP8erQaXj4BpNF6g+KBD3JMXynLRgBazkIt82iQIgquyt8PgUqJ2pQ1ghI7nF5LjTOYE8auWiZrGfF/iD3nkq8=
ARC-Message-Signature: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1721765744; c=relaxed/relaxed; bh=7LGp/3Z87nI4+TY/0FkkFROYJi4RFL82stips7qpeug=; h=DKIM-Signature:DKIM-Signature:Mime-Version:Subject:From:Date: Message-Id:To; b=ksX3WgHV5ILT4LJyT08H2hAhZHpkaNE3zNsL3dwV2tHVHIr+W+cvj3dwjhaiFpyWnrTdflCDbUbUccxMehDyAq9BbVuJR4agFDhd/qpeSB9obCLBshg3vDUz2fkP2e5vjaRzbJArulTC0eIWWw8yiXjtVEiipwHAGBh9Wqy0udc=
ARC-Authentication-Results: i=1; mx.pao1.isc.org
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.pao1.isc.org 2D86D3AB274
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1721765744; bh=OjUqqBl6WqhSSnraJB+HSLvVvcF+XShM5NFyshUJAV0=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=F1R5rZ4XSuG3yg9/AkqL4IYd/3z8DmTP0xOGdtAQISUQir0QMAbKp9iSmVSj54vL2 vXewDjFDGF64OIgWww1Jlv08NBlrJu6GTWY/8+MQyvhc+Y/+2kOoGpUNsmNNef3VPk gfGxPaKq7xJUBjd5Lgw9wr79+Z9uf873ghLkH5nA=
Received: from zimbrang.isc.org (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTPS id 278DEE681D1; Tue, 23 Jul 2024 20:15:44 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTP id 05FFEE681CE; Tue, 23 Jul 2024 20:15:44 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 zimbrang.isc.org 05FFEE681CE
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1721765744; bh=7LGp/3Z87nI4+TY/0FkkFROYJi4RFL82stips7qpeug=; h=Mime-Version:From:Date:Message-Id:To; b=anPicSeRF8ICcovvr/ILaWjlCYUWndLU2KQUrsTR0IDu2n/0e9Ev69s2ixbfndZJs bmRh+FWBDeTZ9hRd1T5JrKCFW72B1+Sb4YkR/T6odUDk/gKX2WUCrQRT95gTFhS1He myjFNzTfKaWe9+CAP8VJBNLn02AbLlnoG9wU1ahQ=
Received: from zimbrang.isc.org ([127.0.0.1]) by localhost (zimbrang.isc.org [127.0.0.1]) (amavis, port 10026) with ESMTP id qTQERsVJcT_9; Tue, 23 Jul 2024 20:15:43 +0000 (UTC)
Received: from smtpclient.apple (dhcp-891b.meeting.ietf.org [31.133.137.27]) by zimbrang.isc.org (Postfix) with ESMTPSA id B2467E6756A; Tue, 23 Jul 2024 20:15:43 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.1\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <m1sWLXn-0000LiC@stereo.hq.phicoh.net>
Date: Tue, 23 Jul 2024 13:15:41 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <7FAF18D5-704E-4052-9767-FDFBB069C2FA@isc.org>
References: <m1sWLXn-0000LiC@stereo.hq.phicoh.net>
To: Philip Homburg <pch-dnsop-5@u-1.phicoh.com>
X-Mailer: Apple Mail (2.3731.700.6.1.1)
Message-ID-Hash: G6ZYDUQU642NTZJU5HXKNBTJM7UTGWFE
X-Message-ID-Hash: G6ZYDUQU642NTZJU5HXKNBTJM7UTGWFE
X-MailFrom: marka@isc.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: dnsop <dnsop@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: IDKEY and Keytrap
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/LDXBVkrxu7oavZO-BgtcBLGvxk8>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>
> On 23 Jul 2024, at 12:51, Philip Homburg <pch-dnsop-5@u-1.phicoh.com> wrote: > >> The ANRW talk "Protocol Fixes for KeyTrap Vulnerabilities this >> afternoon by Elias Heftrig, Haya Schulmann, Niklas Vogel, Michael >> Waidner is proposing that there is a type roll for DS and DNSKEY. >> I dont think this is needed. The only change actually need is to >> add a new requirement that says that new DNSKEY algorithms MUST >> have DNSKEY RRsets that do not have colliding key tags. Validators >> can then depend on this behaviour with new key DNSKEY algorithms. >> The only question is do we add aliases for the existing key types. > > I can see 3 problems with this approach: > 1) we are only safe when the last algorithm that allows colliding keys > has been deprecated. That may be many decades from now. We are nowhere > near deprecating algorithms that use SHA-1. And how is this different to migrating to IDKEY? The validator would need to support DS + IDDS + DNSKEY + IDKEY for a significant period. One can turn off support for algorithms without the new semantics. As for *SHA-1 many validators already treat those algorithms as unsupported. > 2) Some operators expressed concerns about prohibiting colliding keys, > especially in multi-signer setups. Delaying the deprecation of current > algorithms. There are several easy ways to address this. IDKEY would require this to be addressed. Nothing different here. > 3) My own analysis shows that for reasonable zones there is no need to > tolerate more than 1 signature verification failure per RRset. So > the gains are no all that high. One failure is one too many. IDKEY and this are about removing the need to have to process duplicate key ids when validating. We have done stuff like this before with the introduction of NSEC3. It is achievable. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [DNSOP] Re: IDKEY and Keytrap Philip Homburg
- [DNSOP] Re: IDKEY and Keytrap Mark Andrews
- [DNSOP] IDKEY and Keytrap Mark Andrews
- [DNSOP] Re: IDKEY and Keytrap Philip Homburg