IETF Logo Mail Archive

Re: [DNSOP] [Ext] About key tags

Mark Andrews <marka@isc.org> Wed, 28 February 2024 21:45 UTC

Return-Path: <marka@isc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6DBE3C14F61E for <dnsop@ietfa.amsl.com>; Wed, 28 Feb 2024 13:45:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isc.org header.b="OHX8ADtK"; dkim=pass (1024-bit key) header.d=isc.org header.b="fX3uTpS0"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5ltEKSnX4EJF for <dnsop@ietfa.amsl.com>; Wed, 28 Feb 2024 13:45:52 -0800 (PST)
Received: from mx.pao1.isc.org (mx.pao1.isc.org [149.20.2.50]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 68EE5C14F5F7 for <dnsop@ietf.org>; Wed, 28 Feb 2024 13:45:51 -0800 (PST)
Received: from zimbrang.isc.org (zimbrang.isc.org [149.20.2.31]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx.pao1.isc.org (Postfix) with ESMTPS id 3D2EC3AB13B; Wed, 28 Feb 2024 21:45:51 +0000 (UTC)
ARC-Filter: OpenARC Filter v1.0.0 mx.pao1.isc.org 3D2EC3AB13B
Authentication-Results: mx.pao1.isc.org; arc=none smtp.remote-ip=149.20.2.31
ARC-Seal: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1709156751; cv=none; b=N4eR2gB9I9lhy1KXSPR9bUy1FYeEvZotV+0ooDjHrbJtI6czRQDSyRHGsZGrMgaXJprqq869SKGAh9OUZCgENczGIJwa4lm3Kc3fK2j4Nqq5GYotAs3p/htrYiMzMEfUDR8YRIXtFCEULup3YAKgS3IRB13ub4tiThODY6zvaRQ=
ARC-Message-Signature: i=1; a=rsa-sha256; d=isc.org; s=ostpay; t=1709156751; c=relaxed/relaxed; bh=t4Mj15NK5fk6OomJhxZQL8PgDang3F4z72cyGhfQQmc=; h=DKIM-Signature:DKIM-Signature:Mime-Version:Subject:From:Date: Message-Id:To; b=VPwI2dswMCEpIiN4ST3nxVR/U2U5Adw5iia9jpBTtKWAoDG8TKVin0W3yUJfWp1JQ8eV/vrfn/LDabVjpgtgm9ow9oBz2kKoXQetdtM6p+NwyJOzGNoj+0e/JdZ1uI1MrCIki/AAZLtJFbYf+UFDV98uoKywhSM1wTFGtOS9Usc=
ARC-Authentication-Results: i=1; mx.pao1.isc.org
DKIM-Filter: OpenDKIM Filter v2.10.3 mx.pao1.isc.org 3D2EC3AB13B
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=isc.org; s=ostpay; t=1709156751; bh=VM8cXu6PIBpT4rCFp8wS1EgHol8gXsbGxCdTFSQBqGo=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=OHX8ADtKDSVxk7/qlT+uDyQJgiFx9vfKYOylepbciwsNYsUGBAnTCIFr1eRuU1uYw 0LijfqUCrO6JGeRMLVf9wPioXIqKH/Y4LcbG/nrbGSVelKFpGh/HXri2RNYXA41XG4 CAZLohp7QzHHdtdIHIYg05ItGw0ZEdcFuAb8/1VY=
Received: from zimbrang.isc.org (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTPS id 38EB01120DBC; Wed, 28 Feb 2024 21:45:51 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1]) by zimbrang.isc.org (Postfix) with ESMTP id 16E4F1120DDC; Wed, 28 Feb 2024 21:45:51 +0000 (UTC)
DKIM-Filter: OpenDKIM Filter v2.10.3 zimbrang.isc.org 16E4F1120DDC
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=isc.org; s=05DFB016-56A2-11EB-AEC0-15368D323330; t=1709156751; bh=t4Mj15NK5fk6OomJhxZQL8PgDang3F4z72cyGhfQQmc=; h=Mime-Version:From:Date:Message-Id:To; b=fX3uTpS02PjEcHEABaJjl1pyxGqE0Eb5khg5uZYyiyjk1UBJKhlgbP13dhZ8Ose97 bAa5WmZHKdDk+PKY0P7B0OW07fYGk3/KMPIKntidRgM8vQIiguGqFkwuF9msp5+fhA sju8b4bhGxWteBkO71E0WXl3Mw4fto/BtRK+887Y=
Received: from zimbrang.isc.org ([127.0.0.1]) by localhost (zimbrang.isc.org [127.0.0.1]) (amavis, port 10026) with ESMTP id OSR66ghbXo31; Wed, 28 Feb 2024 21:45:51 +0000 (UTC)
Received: from smtpclient.apple (n49-187-27-239.bla1.nsw.optusnet.com.au [49.187.27.239]) by zimbrang.isc.org (Postfix) with ESMTPSA id 2449D1120DBC; Wed, 28 Feb 2024 21:45:49 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6.1.1\))
From: Mark Andrews <marka@isc.org>
In-Reply-To: <CAHPuVdWGQL5bRRqPj=-g_02y-7sZG-1WyiTCqktbdba=PuzEvg@mail.gmail.com>
Date: Thu, 29 Feb 2024 08:45:37 +1100
Cc: Edward Lewis <edward.lewis@icann.org>, John Levine <johnl@taugh.com>, "dnsop@ietf.org" <dnsop@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <9FD50D6A-A8D9-42FC-A5B1-7CC87AFFEE1B@isc.org>
References: <9C4B65D7-EC9D-40BC-9B23-825F7FE8FB7E@isc.org> <20240227220905.E06018410007@ary.qy> <641C2E38-F1A8-435B-BA6F-770FEE9AEEA5@icann.org> <CAHPuVdWGQL5bRRqPj=-g_02y-7sZG-1WyiTCqktbdba=PuzEvg@mail.gmail.com>
To: Shumon Huque <shuque@gmail.com>
X-Mailer: Apple Mail (2.3731.700.6.1.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/UjYSZB7LoD5Dy1MSwO6_BSdOSfI>
Subject: Re: [DNSOP] [Ext] About key tags
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Feb 2024 21:45:56 -0000


> On 29 Feb 2024, at 08:22, Shumon Huque <shuque@gmail.com> wrote:
> 
> On Wed, Feb 28, 2024 at 3:59 PM Edward Lewis <edward.lewis@icann.org> wrote:
> On 2/27/24, 17:09, "DNSOP on behalf of John Levine" <dnsop-bounces@ietf.org on behalf of johnl@taugh.com> wrote:
> 
> >    The kind of load is different but in each case the client needs to
> >    limit the amount of work it's willing to do. We can forbid it in the
> >    protocol but unless you have better contacts at the Protocol Police
> >    than I do, people will do it anyway.
> 
> I side with John Levine's line of reasoning, that the solution is defending against taking on too much work (in this case, the validator caps it's effort - in whatever way is appropriate).  It would be futile to prevent key tag collisions from happening via a protocol change as a malicious actor is not bounded by specifications.
> 
> If it is forbidden in the protocol, it might still happen.
> 
> Yeah, as you might guess from my past messages on this thread, I am of the same opinion. There is a general principle about limiting work that resolvers need to follow, and this recent attack (like many others before it) exploited resolvers that failed to sensibly do that. The novel thing in KeyTrap is that it exploited a failure to bound cryptographic work, but the same principle applies.
> 
> Here's my minor restatement of the resolver's top priority from RFC 1034:
> 
>       Bound the amount of work (e.g. packets sent, parallel processes
>       started, computations performed, time spent) so that a request
>       can't get into an infinite loop, start off a chain reaction or
>       unreasonably lengthy sequence of tasks, requests or queries,
>       EVEN IF SOMEONE HAS INCORRECTLY OR MALICIOUSLY
>       CONFIGURED SOME DATA.
> 
> In the parenthetical examples of bounding work, I've added "computations performed" and "time spent". 
> 
> And in the uppercased "EVEN IF" phrase, I've added "MALICIOUS CONFIGURED".
> 
> I think the specific case of keytag collisions does deserve some special thought though. Even if resolvers limit the number of collisions, it's in a zone owner's interest to not have them at all. Colliding keytags in the DNSKEY RRset means imposing additional unnecessary signature verification work on resolvers for verifying every signed RRset in the response. And for efficiency reasons, a zone owner should want to have their answers accepted by validating resolvers with the minimum amount of work (and no unnecessary work).
> 
> Banning keytag collisions outright today would not be a good idea - we risk rendering some sights unresolvable through no fault of their own. DNSSEC already has plenty of detractors, and we don't want to give them more ammunition by creating problems in the ecosystem that can be easily avoided. I think writing a BCP telling folks how to avoid collisions would make sense though (and yes, it needs to cover the multi-signer case too).
> 
> Shumon.

Sorry this is fuzzy reasoning.  A BCP will never get to the state where the validator can actually stop on a single error.  The ONLY way to do that is to update the protocol and then wait a while before relying on the new rules in the validator.

We did this with EDNS (RFC 6891, April 2013) when we tightened up the unknown option behaviour (unspecified -> specified).  The hardest part is getting vendors to fix their products.  That was the most important work in 2019.  After that there was a very rapid reduction in broken servers out there.  It is not impossible to do.

Mark

> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop


-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka@isc.org

v2.23.0 | Report a Bug | By Email