Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt

Ondřej Surý <ondrej@isc.org> Thu, 26 July 2018 16:43 UTC

Return-Path: <ondrej@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C5451130E0E for <dnsop@ietfa.amsl.com>; Thu, 26 Jul 2018 09:43:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.921
X-Spam-Level:
X-Spam-Status: No, score=-5.921 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FROM_EXCESS_BASE64=0.979, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7_Knbr8u2URn for <dnsop@ietfa.amsl.com>; Thu, 26 Jul 2018 09:43:04 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [IPv6:2001:4f8:0:2::2b]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 59539131223 for <dnsop@ietf.org>; Thu, 26 Jul 2018 09:43:04 -0700 (PDT)
Received: from zmx1.isc.org (zmx1.isc.org [149.20.0.20]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx.pao1.isc.org (Postfix) with ESMTPS id 3877C3AB041; Thu, 26 Jul 2018 16:43:04 +0000 (UTC)
Received: from zmx1.isc.org (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTPS id E8F77160075; Thu, 26 Jul 2018 16:43:03 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1]) by zmx1.isc.org (Postfix) with ESMTP id C9A0E160072; Thu, 26 Jul 2018 16:43:03 +0000 (UTC)
Received: from zmx1.isc.org ([127.0.0.1]) by localhost (zmx1.isc.org [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id vW3_X7dxEhjX; Thu, 26 Jul 2018 16:43:03 +0000 (UTC)
Received: from [10.10.0.181] (40.20.broadband5.iol.cz [88.100.20.40]) by zmx1.isc.org (Postfix) with ESMTPSA id C6CA7160043; Thu, 26 Jul 2018 16:43:02 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 12.0 \(3445.100.17\))
From: Ondřej Surý <ondrej@isc.org>
In-Reply-To: <056430ED-F87E-4170-B2D0-0EA3F57D9C60@verisign.com>
Date: Thu, 26 Jul 2018 18:43:00 +0200
Cc: "Weinberg, Matt" <mweinberg=40verisign.com@dmarc.ietf.org>, dnsop <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <3B9A8C03-3095-46EE-A5FF-0EFC0D9FD3ED@isc.org>
References: <4DCC5A51-1AB0-47B6-92B5-79B6894F9A9C@verisign.com> <6FFED142-0752-40FD-AF5C-7E9D6617DC03@isc.org> <056430ED-F87E-4170-B2D0-0EA3F57D9C60@verisign.com>
To: Duane Wessels <dwessels@verisign.com>
X-Mailer: Apple Mail (2.3445.100.17)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/OVyoG-TVulSO3wHLdxmonWdqWMA>
Subject: Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jul 2018 16:43:07 -0000

> On 26 Jul 2018, at 18:40, Wessels, Duane <dwessels@verisign.com> wrote:
> 
> Ondrej,
> 
> Thanks, I think thats a fair point.  I was of course hoping to not create yet another IANA registry.
> 
> If the ZONEMD RR included a count of records as suggested by Paul Wouters would you then be comfortable
> just using the DS hash algorithms?

That’s probably question you need to ask some cryptographer, so take my opinion with a grain of salt.

If <n> is the number of ZONEMD-covered records, then the probability of collision attack gets higher.  So, unless
I am mistaken, the delegation heavy zones would be especially susceptible to a collision attack.  Does it make
sense?

Ondrej
--
Ondřej Surý
ondrej@isc.org


> DW
> 
> 
>> On Jul 25, 2018, at 8:47 PM, Ondřej Surý <ondrej@isc.org> wrote:
>> 
>> Hi Matt, and other authors,
>> 
>> with my cryptoplumber[1] hat, I am strongly opposed to using SHA-1 and GOST R 34.11-94 for ZONEMD.
>> 
>> It is my understanding, that the specific usage of hashing function in the DS record improves the collision
>> resistance of the algorithm, because the input data is so small and it has to be a valid DNSKEY record[2].
>> 
>> For ZONEMD, this isn’t true, as you can (in theory) feed the zone with infinite amount of non-DNSSEC-signed
>> data (GLUEs, delegations) thus making the collision attack feasible.
>> 
>> Thus I believe, the Section 2.1.2 must be changed to disallow usage of algorithms with weakened collision
>> resistance (and algorithms deprecated by the Russians themselves :). It wouldn’t be enough just to discourage
>> SHA-1 for creating the ZONEMD, but it needs to be forbidden to use it for validating such record.
>> I think that new IANA table for ZONEMD must be established, because the security properties of the algorithm
>> usage are different in DS and ZONEMD records.
>> 
>> Thanks,
>> Ondrej
>> 
>> 1. I would be happy if any real cryptographer would chime in.
>> 
>> 2. It doesn’t have to be valid DNSKEY if you just want to cause ruckus, but if you are able to inject invalid DS
>>   records, you might as well cause damage at other levels of the DNS tree.
>> 
>> --
>> Ondřej Surý
>> ondrej@isc.org
>> 
>>> On 23 May 2018, at 17:32, Weinberg, Matt <mweinberg=40verisign.com@dmarc.ietf.org> wrote:
>>> 
>>> Greetings dnsop,
>>> 
>>> We’ve posted a new version of draft-wessels-dns-zone-digest.  Of note, this -01 version includes the following changes:
>>> 
>>> 	• Warren Kumari and Wes Hardaker have been added as coauthors.
>>> 	• Several points of clarification in wording and descriptions.
>>> 	• Removed the requirement to sort by RR CLASS.
>>> 	• Added a Change Log section.
>>> 
>>> Warren and Wes had started on a very similar but unpublished draft, which we should've remembered.  Thanks to them for agreeing to join this document as coauthors.
>>> We plan to ask for time on the dnsop agenda in Montreal.  Your feedback is welcome and appreciated.    
>>> 
>>> Thanks.
>>> 
>>> ----
>>> 
>>>  A new version of I-D, draft-wessels-dns-zone-digest-01.txt
>>>  has been successfully submitted by Matt Weinberg and posted to the
>>>  IETF repository.
>>> 
>>>  Name:		draft-wessels-dns-zone-digest
>>>  Revision:	01
>>>  Title:		Message Digest for DNS Zones
>>>  Document date:	2018-05-17
>>>  Group:		Individual Submission
>>>  Pages:		13
>>>  URL:            https://www.ietf.org/internet-drafts/draft-wessels-dns-zone-digest-01.txt
>>>  Status:         https://datatracker.ietf.org/doc/draft-wessels-dns-zone-digest/
>>>  Htmlized:       https://tools.ietf.org/html/draft-wessels-dns-zone-digest-01
>>>  Htmlized:       https://datatracker.ietf.org/doc/html/draft-wessels-dns-zone-digest
>>>  Diff:           https://www.ietf.org/rfcdiff?url2=draft-wessels-dns-zone-digest-01
>>> 
>>>  Abstract:
>>>     This document describes a protocol and DNS Resource Record used to
>>>     provide a message digest over DNS zone data.  In particular, it
>>>     describes how to compute, sign, represent, and use the message digest
>>>     to verify the contents of a zone for accuracy and completeness.  The
>>>     ZONEMD Resource Record type is introduced for conveying the message
>>>     digest data.
>>> 
>>> 
>>> 
>>> 
>>>  Please note that it may take a couple of minutes from the time of submission
>>>  until the htmlized version and diff are available at tools.ietf.org.
>>> 
>>>  The IETF Secretariat
>>> 
>>> 
>>> 
>>> _______________________________________________
>>> DNSOP mailing list
>>> DNSOP@ietf.org
>>> https://www.ietf.org/mailman/listinfo/dnsop
>> 
>> _______________________________________________
>> DNSOP mailing list
>> DNSOP@ietf.org
>> https://www.ietf.org/mailman/listinfo/dnsop
>