Re: [DNSOP] Review of draft-ietf-dnsop-rfc2845bis-02.txt
Mark Andrews <marka@isc.org> Tue, 20 November 2018 22:29 UTC
Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D4B92130E30 for <dnsop@ietfa.amsl.com>; Tue, 20 Nov 2018 14:29:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Pj5PBJs7SNcw for <dnsop@ietfa.amsl.com>; Tue, 20 Nov 2018 14:29:08 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1CCD130E23 for <dnsop@ietf.org>; Tue, 20 Nov 2018 14:29:07 -0800 (PST)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id A0A183AC8A7; Tue, 20 Nov 2018 22:29:07 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id 761DE160076; Tue, 20 Nov 2018 22:29:07 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id 3BBE3160075; Tue, 20 Nov 2018 22:29:07 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id SuKca7zEdlVV; Tue, 20 Nov 2018 22:29:07 +0000 (UTC)
Received: from [172.30.42.67] (c27-253-115-14.carlnfd2.nsw.optusnet.com.au [27.253.115.14]) by zmx1.isc.org (Postfix) with ESMTPSA id 5A70C16003A; Tue, 20 Nov 2018 22:29:06 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <20181119134534.GA1450@jurassic>
Date: Wed, 21 Nov 2018 09:29:03 +1100
Cc: dnsop@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <52AA3F40-6A90-4E83-BFE5-76D132D804C4@isc.org>
References: <154263221088.5303.2024597771109478075@ietfa.amsl.com> <20181119134534.GA1450@jurassic>
To: Mukund Sivaraman <muks@mukund.org>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/LnEHMV_LzJqTpbJy9PvryqkcgsI>
Subject: Re: [DNSOP] Review of draft-ietf-dnsop-rfc2845bis-02.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Nov 2018 22:29:11 -0000
> On 20 Nov 2018, at 12:45 am, Mukund Sivaraman <muks@mukund.org> wrote: > > Hi Stephen, Francis > > On Mon, Nov 19, 2018 at 04:56:50AM -0800, internet-drafts@ietf.org wrote: >> >> A New Internet-Draft is available from the on-line Internet-Drafts directories. >> This draft is a work item of the Domain Name System Operations WG of the IETF. >> >> Title : Secret Key Transaction Authentication for DNS (TSIG) >> Authors : Francis Dupont >> Stephen Morris >> Paul Vixie >> Donald E. Eastlake 3rd >> Olafur Gudmundsson >> Brian Wellington >> Filename : draft-ietf-dnsop-rfc2845bis-02.txt >> Pages : 26 >> Date : 2018-11-19 > > First, I want to point out that this is a bis document and not errata, > so it need not (and should not) be limited to just fixing the TSIG > authenication bypass attack. I strongly feel that RFC 2845 is unclearly > specified, and TSIG (the protocol) is over-specified. This bis revision > should make amends. > > Two points that I request this WG to discuss are: > > 1. Sparsely TSIG signed TCP continuation messages (section 6.4 in draft) I would accept not generating sparsely TSIG signed TCP continuation messages (except for test code) immediately. It will take many years before one could remove the validation side as you need to ensure that all you current peers don’t generate that style of stream. Time of publication +10 years if you want to remove the validation side. By that time there should be very few legacy peers. Add a bit about logging when STSTCM is seen on a connection so it becomes noisy. Include the cut off date. This logging will unfortunately be on the wrong end of the connection but will give some indication of the expected breakage. Start logging at publication date +8 years so the noise is around the breakage time and not immediately. > 2. Truncated MACs > > I feel both should be obsoleted now to reduce implementation complexity > and scope for errors causing authentication bypass. I have talked about > these on this list before, but won't restate comments in support here to > prejudice discussion. This is more complicated. Removing code support will break existing configurations that are using truncated hashes. This would require deciding a cut off date (publication +10 years), logging when used including the cut off date. This is basically human to human rather than machine to machine. Code gets updated. Humans don’t. > I previously reviewed this bis draft here: > https://www.ietf.org/mail-archive/web/dnsop/current/msg21227.html > > Many of my review comments were responded to with the terse "17y" > comment by one of the authors. > > However, ome of the comments from my previous review have been > incorporated into the current document, but some have not. I > specifically request Stephen to read the comments in my previous review > carefully comparing against the current text in context, because I feel > some of those changes still have to be made. > > Soon after this TSIG authentication bypass attack was reported, during a > review of the BIND TSIG implementation by Ray Bellis and me, we found a > couple of other issues. One of them is not a real-world issue (to do > with under-specification of what to do with full MAC length having > non-integral number of octets - there are no such common HMACs > currently), and another that I'm not able to remember that had to do > with an off-by-1 (or something similar) on the fudge and time signed > fields. Do you have any recollection of it Ray? > > Mukund > > _______________________________________________ > DNSOP mailing list > DNSOP@ietf.org > https://www.ietf.org/mailman/listinfo/dnsop -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- [DNSOP] I-D Action: draft-ietf-dnsop-rfc2845bis-0… internet-drafts
- [DNSOP] Review of draft-ietf-dnsop-rfc2845bis-02.… Mukund Sivaraman
- Re: [DNSOP] Review of draft-ietf-dnsop-rfc2845bis… Ray Bellis
- Re: [DNSOP] Review of draft-ietf-dnsop-rfc2845bis… Mark Andrews
- Re: [DNSOP] Review of draft-ietf-dnsop-rfc2845bis… Mukund Sivaraman
- Re: [DNSOP] Review of draft-ietf-dnsop-rfc2845bis… Mukund Sivaraman
- Re: [DNSOP] Review of draft-ietf-dnsop-rfc2845bis… Francis Dupont