Re: [DNSOP] [dnsext] CGA-TSIG - new version

"Hosnieh Rafiee" <> Fri, 14 February 2014 23:07 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id B434D1A0459; Fri, 14 Feb 2014 15:07:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.448
X-Spam-Status: No, score=-2.448 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.548] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id GHYzjm80mqon; Fri, 14 Feb 2014 15:07:42 -0800 (PST)
Received: from ( [IPv6:2a01:238:42ad:1500:aa19:4238:e48f:61cf]) by (Postfix) with ESMTP id 878AD1A0450; Fri, 14 Feb 2014 15:07:37 -0800 (PST)
Received: from localhost (unknown []) by (Postfix) with ESMTP id 5529823E24C2; Fri, 14 Feb 2014 23:07:35 +0000 (UTC)
X-Virus-Scanned: amavisd-new at
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id e_TVKLuP8jKQ; Sat, 15 Feb 2014 00:07:33 +0100 (CET)
Received: from kopoli ( []) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id EFF8F23E24BC; Sat, 15 Feb 2014 00:07:32 +0100 (CET)
From: "Hosnieh Rafiee" <>
To: <>, <>
Date: Sat, 15 Feb 2014 00:07:31 +0100
Message-ID: <021201cf29d9$8a5daa30$9f18fe90$>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Ac8p2Ydc1m63NpXkQOSaC46ODJ+WHQ==
Content-Language: en-us
Cc: 'Jeroen van der Ham' <>, 'Marc Buijsman' <>
Subject: Re: [DNSOP] [dnsext] CGA-TSIG - new version
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 14 Feb 2014 23:07:46 -0000

Thanks for the information you've provided, I improved the document
according to comments and found out that the report also has a few problems
which is due to the fact that it misinterpreted the of CGA-TSIG document.

Here I explain the problems or the reasons of choices:

- CGA-TSIG cannot use MAC as a signature field. The purpose was that to have
all the CGA data in one section instead of trying to find them in different
sections of TSIG. 

- sizes of length encoding: It is one byte. It is enough for any key sizes.
If you also check the "checksum" field in the packets, you will find out
that it is only 8 bits or one byte. In the emails I explained to you that it
is the multiple of 8. In no RFC you can find out that the value is the
length of data in bits. It is always the length of data in bytes. But how
you showed in your report is that you consider the number of bits and not
bytes so you had the following example
2048/8=256 (now you only converted the number of bits to bytes) so you
needed to divide it by another 8 that is 256/8=32 and this is the value you
set to length. If you even consider the key size 7680, then the length will
be only 120.
- old signature only contains time signed. The reason is to avoid increasing
the packet length 

I appreciate further comments and would like more people review it so that
we can go ahead with this document.


A new version of I-D, draft-rafiee-intarea-cga-tsig-07.txt
has been successfully submitted by Hosnieh Rafiee and posted to the IETF

Name:		draft-rafiee-intarea-cga-tsig
Revision:	07
Title:		Secure DNS Authentication using CGA/SSAS Algorithm in IPv6
Document date:	2014-02-15
Group:		Individual Submission
Pages:		26

   This document describes a new mechanism that can be used to reduce
   the need for human intervention during DNS authentication and secure
   DNS authentication in various scenarios such as the DNS
   authentication of resolvers to stub resolvers, authentication during
   zone transfers, authentication of root DNS servers to recursive DNS
   servers, and authentication during the FQDN (RFC 4703) update.

   Especially in the last scenario, i.e., FQDN, if the node uses the
   Neighbor Discovery Protocol (NDP) (RFC 4861, RFC 4862), unlike the
   Dynamic Host Configuration Protocol (DHCP) (RFC 3315), the node has
   no way of updating his FQDN records on the DNS and has no means for a
   secure authentication with the DNS server. While this is a major
   problem in NDP-enabled networks, this is a minor problem in DHCPv6.
   This is because the DHCP server updates the FQDN records on behalf of
   the nodes on the network. This document also introduces a possible
   algorithm for DNS data confidentiality.


> -----Original Message-----
> From: dnsext [] On Behalf Of Marc Buijsman
> Sent: Thursday, January 16, 2014 3:45 PM
> To:
> Cc: Jeroen van der Ham
> Subject: [dnsext] CGA-TSIG research report
> Dear working group members,
> For my master's thesis I have performed an investigation at NLnet Labs on
> CGA-TSIG as a solution to the last mile problem of DNS. The version of the
> CGA-TSIG proposal that I reviewed is the current latest version at
> During the
course of
> my research I have already had some contact with Ms. Rafiee.
> In order to do a verification of the CGA-TSIG proposal I have created a
> of concept implementation in NLnet Labs' "ldns" library. Since the scope
> the project was limited to the last mile problem it only includes the code
> required for this purpose, but the implementation could easily be extended
> to support other applications (like zone transfers). I have found that
> has potential to be an adequate solution to the last mile problem on IPv6
> networks, although some future research is needed with regard to
> bootstrapping the authentication.
> As a result, I would hereby like to refer you to my report which can be
> at
> I have outlined my results in section 4.2 which contains suggestions on
how I
> believe the CGA-TSIG draft could be clarified and otherwise improved. I
> my suggestions will be adopted in the next version of the draft. The PoC
> can be found in the online Git repository of NLnet Labs at
> I hope my work will be helpful in standardising CGA-TSIG.
> Yours sincerely,
> Marc Buijsman
> _______________________________________________
> dnsext mailing list