IETF Logo Mail Archive

Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt

Mukund Sivaraman <muks@mukund.org> Fri, 01 June 2018 11:24 UTC

Return-Path: <muks@mukund.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8AD2E129C6E for <dnsop@ietfa.amsl.com>; Fri, 1 Jun 2018 04:24:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YqmOkLgunJx9 for <dnsop@ietfa.amsl.com>; Fri, 1 Jun 2018 04:24:16 -0700 (PDT)
Received: from mail.banu.com (mail.banu.com [IPv6:2a01:4f8:140:644b::225]) by ietfa.amsl.com (Postfix) with ESMTP id 152F6128C0A for <dnsop@ietf.org>; Fri, 1 Jun 2018 04:24:16 -0700 (PDT)
Received: from jurassic (unknown [49.203.222.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.banu.com (Postfix) with ESMTPSA id 21EE032C00E4; Fri, 1 Jun 2018 11:24:11 +0000 (UTC)
Date: Fri, 01 Jun 2018 16:54:02 +0530
From: Mukund Sivaraman <muks@mukund.org>
To: Shane Kerr <shane@time-travellers.org>
Cc: dnsop@ietf.org
Message-ID: <20180601112402.GA29577@jurassic>
References: <4DCC5A51-1AB0-47B6-92B5-79B6894F9A9C@verisign.com> <CAJE_bqcELQbQeHPvvEBHOxpRyWYL76BmT_-G4jW4pTnUUXFMUw@mail.gmail.com> <27C44216-581A-4991-A739-ECE8B7F8AA35@verisign.com> <884c2d11-9db0-7668-59c9-baa8574a03f7@time-travellers.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <884c2d11-9db0-7668-59c9-baa8574a03f7@time-travellers.org>
User-Agent: Mutt/1.9.2 (2017-12-15)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/TPmIKgMRJ0zmnoyeRqB9ngYgBI4>
Subject: Re: [DNSOP] New Version Notification for draft-wessels-dns-zone-digest-01.txt
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 01 Jun 2018 11:24:19 -0000

On Fri, Jun 01, 2018 at 10:51:00AM +0000, Shane Kerr wrote:
> Wessels, Duane:
> > 
> >> On May 25, 2018, at 11:33 AM, 神明達哉 <jinmei@wide.ad.jp> wrote:
> >>
> >> At Wed, 23 May 2018 15:32:11 +0000,
> >> "Weinberg, Matt" <mweinberg=40verisign.com@dmarc.ietf.org> wrote:
> >>
> >>> We’ve posted a new version of draft-wessels-dns-zone-digest.  Of note,
> >> this -01 version includes the following changes:
> >> [...]
> >>> We plan to ask for time on the dnsop agenda in Montreal.  Your feedback
> >> is welcome and appreciated.
> >>
> >> I've read the draft.  I have a few high level comments and specific
> >> feedback on the draft content:
> >>
> >> - It was not really clear exactly what kind of problem this digest
> >>   tries to solve, especially given that the primarily intended usage
> >>   is for the root zone, which is DNSSEC-signed with NSEC.
> > 
> > Thanks you for the feedback.  We will write a clearer problem statement
> > in the introduction for the next version.
> 
> As I mentioned, I have seen zones broken during transfer in production,
> and having a standard way to check for this seems reasonable.
> 
> >> - This digest can't be incrementally updated, that is, you'll need to
> >>   calculate the digest over the entire zone even if just a single
> >>   record is modified (am I correct?).  That's probably an inevitable
> >>   cost for the motivation of providing cryptographically strong
> >>   integrity check, but that's a pity for me.  One case I know of where
> >>   things like "zone digest" is wanted is to ensure consistency for a
> >>   very large zone between primary and secondary servers that are
> >>   synchronized using IXFR.  In principle they must be consistent, but
> >>   operators may want to have a lightweight (albeit not
> >>   cryptographically strong) way to confirm no unexpected events (such
> >>   as an implementation bug) quietly broke the consistency.  Perhaps
> >>   such usage is just outside the scope of this proposal, but I first
> >>   expected I could use it for this kind of purpose it was a bit
> >>   disappointing and I wanted to mention it.
> > 
> > Incremental updates could be supported if the working group feels it is
> > important.  We have a working proof-of-concept implementation of this that
> > hashes individual RRsets and then XORs them into a final message digest
> > (thanks to Roy Arends for the suggestion).
> > 
> > However, this complicates the implementation.  It almost certainly requires
> > more CPU processing but probably not to an extent that matters significantly.
> > We could do some simple benchmarks.
> > 
> > If there is desire to follow this path, then we should discuss whether or
> > not to keep having the zone digest algorithms exactly match the DS digest
> > algorithms.  For example, digest alg 2 could mean "SHA256 over the zone
> > as a whole" while digest alg 3 could mean "SHA-256 digest and XOR individual
> > RRsets" to support incremental updates.
> 
> As I mentioned in my review of the first version of this document, I
> think that inserting digest records periodically throughout the zone
> could serve to allow incremental updates (as the recipient can cache
> unchanged values) and also allow a degree of parallelism.

Interesting. Merkle tree for the domain name space nodes would also be
suitable. It means that for a zone with a large number of labels at a
single domain tree level, all the individual hashes underneath would
have to be hashed, but it seems OK. e.g., with SHA-256:

[muks@jurassic ~]$ openssl speed sha256
...
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
sha256           67640.07k   146564.37k   254310.49k   313201.19k   337102.17k   339285.33k

Merkle tree would lend itself well to representation in current DNS tree
implementations, and they may be used for other DNS purposes in the
future too. ;)

Instead of use of plain SHA-1 and GOST in table 1, I'd like to see
SHA3-256. I'd also make SHA-384 as mandatory as for hashing this large
amount of data as SHA-512 is known to perform better than SHA-256 on
popular processors.

[muks@jurassic ~]$ openssl speed sha512
...
The 'numbers' are in 1000s of bytes per second processed.
type             16 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes  16384 bytes
sha512           46730.69k   187840.56k   291941.29k   416484.51k   475806.75k   476692.21k

		Mukund

v2.23.0 | Report a Bug | By Email