[DNSOP] Re: [Ext] Request: Review changes - draft-ietf-dnsop-rfc7958bis-03 → 04.

Petr Špaček <pspacek@isc.org> Mon, 26 August 2024 15:51 UTC

Return-Path: <pspacek@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6526C14F706 for <dnsop@ietfa.amsl.com>; Mon, 26 Aug 2024 08:51:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.408
X-Spam-Level:
X-Spam-Status: No, score=-4.408 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isc.org header.b="cip5eSMh"; dkim=pass (1024-bit key) header.d=isc.org header.b="k9NhbU3H"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p7JoMvtHEoKo for <dnsop@ietfa.amsl.com>; Mon, 26 Aug 2024 08:51:32 -0700 (PDT)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.2.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DEF73C14F705 for <dnsop@ietf.org>; Mon, 26 Aug 2024 08:51:31 -0700 (PDT)
Received: from zimbrang.isc.org (zimbrang.isc.org [149.20.2.31]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id C7B403AB28C; Mon, 26 Aug 2024 15:51:30 +0000 (UTC)
ARC-Filter: OpenARC Filter v1.0.0 mx.pao1.isc.org C7B403AB28C
Authentication-Results: mx.pao1.isc.org; arc=none smtp.remote-ip=149.20.2.31
ARC-Seal: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1724687490; cv=none; b=YgVOIUUs21hTCLyzSmmSM15GMO2boiRT5j3tjdC+w3EqAxHlYzJRzhzsl+VqJvhFH7sdzVvlBJb3HBwv8GyufgldPES30EMbl/ElDc4Az2O1mafWCY5cGfAWy5raehtzKnDviOQH6j0K2Uj867NCW+5FFvWVumlO0ubaccCpc3s=
ARC-Message-Signature: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1724687490; c=relaxed/relaxed; bh=kmP+z51haSg64qtKzr2gZOtjyrV3REHRjdSBA6tsPqA=; h=DKIM-Signature:DKIM-Signature:Message-ID:Date:MIME-Version: Subject:To:From; b=AxdVraRproi/YNW0o8rCCLScVK2tby6C8YX+MRBkKqWW3435iJvf/22PpGCQd2uKqbUC4Ef8sUufb6Y089acOsRWACyx3DlVsIBHLQ5137Z1EjXroPieCfc6bdxlOw70vCDA8Af+Y2AC8BDQaIZoHdyUgojuK3tFfrCCwQ/EmnE=
ARC-Authentication-Results: i=1; mx.pao1.isc.org
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.pao1.isc.org C7B403AB28C
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1724687490; bh=kmP+z51haSg64qtKzr2gZOtjyrV3REHRjdSBA6tsPqA=; h=Date:Subject:To:References:From:In-Reply-To; b=cip5eSMh1oq6xDQmJHUf2HHw5Cglol47hgt0zb5lbwn+C2gTBa9azkExPunksLA2q wDVE1a3+7TBhyKbkvoo0KXqtr5gV9m6ihazG12NpZY7faMQ/YECdrIQEYRIkKGkxjD 4eQRl+b75zKbeSlDKbjBXAmF2Q8H+u64rcgMT0G4=
Received: from zimbrang.isc.org (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTPS id C38C9DEBB17; Mon, 26 Aug 2024 15:51:30 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTP id A16E3DEBB23; Mon, 26 Aug 2024 15:51:30 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 zimbrang.isc.org A16E3DEBB23
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1724687490; bh=kmP+z51haSg64qtKzr2gZOtjyrV3REHRjdSBA6tsPqA=; h=Message-ID:Date:MIME-Version:To:From; b=k9NhbU3Hcn7ORP8pxODHs7MkyJYAUMApuuESdoP1y+G8Th6QmsUsqagIlDXugmC44 AmWUiipw6Ci5Ui14zydYIF/6cD+l2FBWBeRdv/U0SdnDuy7rzlsEKeGaoX7arH5XY+ SNpBeUygOiw0hLu4wAVLIeVwbrDzyJUsLBF8eARY=
Received: from zimbrang.isc.org ([127.0.0.1]) by localhost (zimbrang.isc.org [127.0.0.1]) (amavis, port 10026) with ESMTP id qbUlEoT64G5e; Mon, 26 Aug 2024 15:51:30 +0000 (UTC)
Received: from [192.168.3.149] (unknown [77.236.219.64]) by zimbrang.isc.org (Postfix) with ESMTPSA id EA4A8DEBB17; Mon, 26 Aug 2024 15:51:29 +0000 (UTC)
Message-ID: <cb326dc1-cee9-4369-9cb4-7ffc314e0eb3@isc.org>
Date: Mon, 26 Aug 2024 17:51:25 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
To: Paul Hoffman <paul.hoffman@icann.org>, "dnsop@ietf.org" <dnsop@ietf.org>
References: <CAHw9_iL-ZwwA_pckR+=7SndOvqjfcNX9FjZ9Bim24uSYgTxkyw@mail.gmail.com> <98896B9D-259E-4E46-8DC7-E873D8B25F55@icann.org> <d9aed09d-b1c8-4ba1-9d4e-e83d504bfe40@nthpermutation.com> <65A596AD-1A4F-400A-9404-E2D60A54BE66@icann.org> <36118f44-d18d-443b-8aa8-007b8b62db3f@nthpermutation.com> <49523BCB-7747-44A2-97FA-8F46B238B4E0@icann.org>
From: Petr Špaček <pspacek@isc.org>
Content-Language: en-US
Autocrypt: addr=pspacek@isc.org; keydata= xsFNBF/OJ/4BEAC0jP/EShRZtcI9KmzVK4IoD/GEDtcaNEEQzPt05G8xtC0P4uteXUwW8jaB CdcKIKR4eUJw3wdXXScLNlyh0i+gm5mIvKPrBYNAMOGGnkbAmMQOt9Q+TyGeTSSGiAjfvd/N nYg7L/KjVbG0sp6pAWVORMpR0oChHflzKSjvJITCGdpwagxSffU2HeWrLN7ePES6gPbtZ8HY KHUqjWZQsXLkMFw4yj8ZXuGarLwdBMB7V/9YHVkatJPjTsP8ZE723rV18iLiMvBqh4XtReEP 0vGQgiHnLnKs+reDiFy0cSOG0lpUWVGI50znu/gBuZRtTAE0LfMa0oAYaq997Y4k+na6JvHK hhaZMy82cD4YUa/xNnUPMXJjkJOBV4ghz/58GiT32lj4rdccjQO4zlvtjltjp9MTOFbRNI+I FCf9bykANotR+2BzttYKuCcred+Q7+wSDp9FQDdpUOiGnzT8oQukOuqiEh3J8hinHPGhtovH V22D0cU6T/u9mzvYoULhExPvXZglCLEuM0dACtjVsoyDkFVnTTupaPVuORgoW7nyNl0wDrII ILBqUBwzCdhQpYnyARSjx0gWSG1AQBKkk5SHQBqi1RAYC38M59SkpH0IKj+SaZbUJnuqshXh UIbY1GMHbW/GDhz7pNQFFYm2S4OPUBcmh/0O0Osma151/HjF7wARAQABzR9QZXRyIMWgcGHE jWVrIDxwc3BhY2VrQGlzYy5vcmc+wsGXBBMBCABBAhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4B AheAAhkBFiEEEVO2++xeDVoSYmDzq9WHzfBlga4FAmWT+REFCQelsxMACgkQq9WHzfBlga7y 2Q//Ug58UI9mlnD/guf9mHqpJIMrBs/vX8HlzylsDcZUBTp2TJpzNh/CygPWrHY+IvA9I9+t Ygp0sB+Z9OtVZgW3bpWJ0iWe6N89Q0kwOuhJ75LsfR1V73L5C826M6bLQjYTj6HiwS9Nf+N0 jADhEV/p1KtCuZfwBkYJ4ZM+Na0zWerGPkGw9T9O0gfs0ePehzJ5V0OK0nCqMuC1h8o/rhCb vRCmxdAbNjrOrgKa7HN5DadP/tKstJMM09aXlT5q96fRIyCQyqXQoCrijCWvgAxgjABdh1TB /XsYvBC8+4wy5ZBtTcnxXGrMhrSxU2/vIK6RjDju7OIRClMNepEzvt0gNzxwwxIXVOzl5ioC i/Okovk1rZneFFxbVvaMyIJgY/hShJV7Ei+5S9UZUv6UUmRQ6zukeiSVZrtXs6fWLVlUnBDl Cv/fXi25hrymqNfPSBSB0tyc6YepR1Rq9omTni6DYmEHQuhPMHJ2fuiNNyBaH+9EI7go5e0J LvXVLJGXkMdTcmYHja1pDjmQ1K71gewfPWGFmn0JTa92GuZJaR/4MVePvoV0NTpCP0HiKIg5 0+AOdpvkJReFKTQOX08SwkUkgvy9h9WjBMpD5ymMs4gjJwXtcT1+aVtj9Xcw6tQde9Yyjxde a6UZ3TUfys8qZ8ZKmMKTaCUFukKzWDJMZ91V1b/OwU0EX84n/gEQANARNXihDNc1fLNFZK5s O14Yg2TouK9eo9gGh4yLSrmZ3pjtnuJSpTWmGD4g0EYzhwWA/T+CqjUnrhsvzLQ1ECYVqLpM VqK2OJ9PhLRbx1ITd4SKO/0xvXFkUqDTIF6a5mUCXH5DzTQGSmJwcjoRv3ye+Z1lDzOKJ+Qr gDHM2WLGlSZAVGcUeD1S2Mp/FroNOjGzrFXsUhOBNMo8PSC4ap0ZgYeVBq5aiMaQex0r+uM4 45S1z5N2nkNRYlUARkfKirqQxJ4mtj5XPC/jtdaUiMzvnwcMmLAwPlDNYiU0kO5IqJFBdzmJ yjzomVk1zK9AYS/woeIxETs+s6o7qXtMGGIoMWr6pirpHk4Wgp4TS02BSTSmNzParrFxLpEU dFKq3M0IsBCVGvfNgWL2pKKQVq34fwuBhJFQAigR9B3O9mfaeejrqt73Crp0ng0+Q74+Llzj EIJLOHYTMISTJyxYzhMCQlgPkKoj+TSVkRzBZoYFkUt4OXvlFj73wkeqeF8Z1YWoOCIjwXH9 0u2lPEq0cRHHyK+KSeH1zQJ4xgj0QDGPmkvi81D13sRaaNu3uSfXEDrdYYc+TSZd2bVh2VCr xrcfzQ1uz9fsdC9NPdNd7/mHvcAaNc5e9IhNh67L54aMBkzlJi18d0sWXOOHkyLSvbHnC/OP wv7qCf69PUJmtoeHABEBAAHCwXwEGAEIACYCGwwWIQQRU7b77F4NWhJiYPOr1YfN8GWBrgUC ZZP5UgUJB6WzVAAKCRCr1YfN8GWBrgxpD/949Tz7EtrE9e2yJ4np+y7uW8EDusVM3QsBdkYk yaQTupITew8WWQtNF/QK/MKRi+e/382t78nBq+T7G9PrRi7E4WS9dXdgJiFz25h3mC4TABJZ b6MLcEreLWTaqnR/D6F3AnNXh7GJFY4E6PAwC60W0R9G6R0E+2XeZX011NEGiBMvgZnqzzjU L9h8Gz7a/EsQync4cvLbruPt/UaOV0khKTefsOFj3q3wLY6qN2qw7HfgFRBCh6ME2XRvnwAd iv0pF4HRbXoFalkAsNEYkWQ6mkJjdYCHOWm3TWqXhalgGKqIOrQyMpH2mJpZllKBQiBiQMUz qz0cO9OqBk3xvNLplI3VNcC0WeQ8LEqyYKth2T78hVaIw8K0IcVmZQwXVxL03gojaJ5bK2O+ 2FfqKMcIiU+bqaTXntx+FYRQKblsUBYD77uU9sPVyKWIiHvukLTx7GY1ttn6gZDSIek/tTR7 oaei+xLh5JUgZpMZ4JHnirDWHbrJzYN95e8HWA/+qAOTsa+igZGsc6yA1oJIAnCwkclcLAgc x3GVVeEL+/b9CugZ+1OfbxlRK7gAeu0kyKiEXrUvCQPnPByIIfj4I4IvZO4552cmmnbn31f9 X/9nw+M4qAqOK7bRg65ucv71TayUehNJrfJSYx6P1tXIwzu19tIgtdWTcsszNWALfaUFtg==
In-Reply-To: <49523BCB-7747-44A2-97FA-8F46B238B4E0@icann.org>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: JBVDTN7WKDN7SPB5UTUJ6GKDCHOJLPIB
X-Message-ID-Hash: JBVDTN7WKDN7SPB5UTUJ6GKDCHOJLPIB
X-MailFrom: pspacek@isc.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: [Ext] Request: Review changes - draft-ietf-dnsop-rfc7958bis-03 → 04.
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/RXdry2-vzn7uvV1V6i17AjKapJ0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

Hi everyone,

I'm responding only to Paul's reaction to my previous comments. I don't 
want discuss IANA operational procedures here so I tried to focus on the 
XML and it's consumers.

On 21. 08. 24 0:20, Paul Hoffman wrote:
> On Aug 10, 2024, at 08:21, Michael StJohns <msj@nthpermutation.com> wrote:
>> On 8/9/2024 5:09 PM, Paul Hoffman wrote:
>>> On Aug 9, 2024, at 12:16, Michael StJohns <msj@nthpermutation.com> wrote:
> On Aug 15, 2024, at 02:43, Petr Špaček <pspacek@isc.org> wrote:
> 
>> I've re-reviewed the -04 version. It addresses the major problem of the format - the inability to represent some DNSSEC TAs.
>>
>> -04 changes resulted in some omissions in the new text, see below.
>>
>>
>>> 2.3. XML Example
>>
>> Between versions -03 and -04 we have lost text with explicit instructions how to reconstruct text representation of DS and DNSKEY. I'm fine with doing it in the new section 2.3 but there are two omissions in the -04 text:
>>
>> A.
>> Missing example of DNSKEY RR reconstruction. It was formerly present in the draft -03 section 2.4. Most notably -04 text is missing instruction about DNSKEY "Protocol" field which is not represented in the XML.
>>
>> I think it needs a reference to RFC 4034 section 2.1.2 and an unambiguous instruction that constant "3" needs to be put in place of the Protocol field of the DNSKEY RR under (re)construction.
>>
>> B.
>> Missing instruction about implicit class "IN". RFC 4034 defined all RR types as class-independent. I think it's fine to say "add constant 'IN' and be done with this", but I'm not aware of any RFC which would say that non-IN classes are not to be ever used.
> 
> I'm not understanding the threat model here. Are you saying that there might be validating resolvers who need a properly formatted DNSKEY record, but don't know how to put one together using the publickeyinfo? People wanted the document to be simpler, so we took out what was basically a restatement of RFC 4034.

I did not mean to imply any security threat.

It's simply that reader of the document cannot immediately see why 
certain fields of DNSKEY are not defined in the XML and their values 
have to be pulled out of thin air with no explicit instructions.


Having said that, I agree with you that a reader of the document who 
knows DNSSEC lore can fill in these two fields without any real risk.

I think it's wrong to leave things undefined in a document defining an 
interoperable file format but I don't insist on these two nits.


>> C.
>> Besides these two protocol omissions I think it would be good to expand the example to cover corner case created by optional publickeyinfo elements.
>>
>> I would recommend to base the 2.3 XML example section on the current version of http://data.iana.org/root-anchors/root-anchors.xml _with DNSKEY added_ for the 20326 keytag.
>>
>> I.e. we would show three KeyDigest elements:
>> - 19036 which is expired (validUntil in the past)
>> - 20326 which is currently valid and also contains (PublicKey, Flags)
>> - 38696 which is also valid but does NOT contain (PublicKey, Flags)
> 
> Is this important enough for us to have to do a new draft?

See below. I think it is.


>> Then the text should show how to reconstruct:
>> - DS set with two valid DSes (20326, 38696)
>> - DNSKEY set with just one DNSKEY (20326 only because material for 38696 is missing)
> 
> Again, I'm not seeing the value to restating RFC 4034 here.

Sorry but no, this has nothing to do with RFC 4034. It's limitation of 
the proposed XML format which has an optional field. That optional 
feature makes the format internally inconsistent for different groups of 
readers - depending on whether the reader implementation looks at Digest 
or publickeyinfo elements.


>> ... and say that the relying party needs to deal with this discrepancy between DS and DNSKEY sets.
> 
> We already have that in the Security Considerations.

I can't see any words about DS vs. DNSKEY set mismatch in the current 
Security Considerations section. Are they somewhere else I could not 
find them?


>> Personally I still think it's a mistake to make publickeyinfo optional but with the current safeguards in place (last paragraph of sect 3.2) I'm hesitantly okay with leaving it optional.
> 
> If we make it mandatory, then the current trust anchor file, and all previous trust anchor files, are invalid. We thought it was better to keep them valid.

I don't think it's an useful goal. Allow me to explain:

- Old versions of existing software either:
a) deal with the extended format
b) or will break when the optinal publickeyinfo is actually present.
That's same no matter if publickeyinfo is optional or not.

- IANA is reportedly eager to have the new format published ASAP. It 
implies the time window where a new versions of the software can see an 
old version of the file is probably very small. Consequently, new 
software can rely on the new parser for all new XML files.

- Old files are by definition (semantically) problematic for relying 
parties - nobody should be using an old XML if they are setting up trust 
anchors! It just does not make sense security-wise. I would call it a 
feature that new software will refuse to work with an obsolete TA 
definition!

- The only remaining use-case I can see then are researchers looking at 
historical XMLs. I would say the number of XML files through history is 
so low that it's not worth worrying about.

In other words:
I would recommend making publickeyinfo mandatory which removes nasty 
corner cases discussed above (and below).

Or if making it mandatory is not an option then please add warnings and 
an example to the text to attract attention to the inherent DS vs. 
DNSKEY set inconsistency.


>>> 5. IANA Considerations
>>
>> I wonder if this section needs some words about how to handle REVOKE flag and similar DS-hash-affecting situations. Setting REVOKE flag on a (former) TA will change its DS hash. This means that a relying party which stored just the DS RR cannot match pre-REVOKEd and post-REVOKEd DS.
>>
>> Maybe IANA should have an instruction to NOT include REVOKEd TAs in the file at all? Or maybe IANA should included only the pre-REVOKEd DS hash with validUntil set to the past?
>>
>> This mess is partially a consequence of the former refusal to assign any meaning to KeyDigest.id elements so the relying parties have a new guesswork to do when matching old and new trust anchors, but I gather this was already discussed (and refused to change) on the mailing list... So let's not open that question again and deal only with the consequences.
>>
>> I'm not sure what to do about this.
> 
> IANA is aware of all of these choices, and I think it is reasonable to let them decide. If you want to have them think more about this, they have the public mailing list for input.

Fair enough, let's not prescribe operational mechanics for IANA.

Maybe we can add a paragraph roughly like this into Security Considerations?

---
Relying parties need to implement TA matching very carefully. A single 
TA represented by a KeyDigest element can potentially change its Digest 
and KeyTag values between two versions of the TA XML, e.g. when key is 
revoked or another DNSSEC flag changes. Relying parties which fail to 
take this property into account are at risk of using incorrect TA set.
---


If the format keeps publickeyinfo element as optional then another 
paragraph is in order. E.g.:
---
Relying parties which depend on the optional publickeyinfo element are 
at risk of not seeing TAs published without this optional element. 
Consequently different parties who ingest the same XML at the same time 
can produce different set of trust anchors.
---
If the publickeyinfo element is mandatory this problem goes away and we 
don't need to talk about it here.

I hope it helps.

-- 
Petr Špaček
Internet Systems Consortium