[DNSOP] Re: [Ext] Request: Review changes - draft-ietf-dnsop-rfc7958bis-03 → 04.

Warren Kumari <warren@kumari.net> Tue, 27 August 2024 23:46 UTC

Return-Path: <warren@kumari.net>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CC95EC18DBAD for <dnsop@ietfa.amsl.com>; Tue, 27 Aug 2024 16:46:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.106
X-Spam-Level:
X-Spam-Status: No, score=-2.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kumari.net
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NANUXcx06P2O for <dnsop@ietfa.amsl.com>; Tue, 27 Aug 2024 16:46:50 -0700 (PDT)
Received: from mail-ed1-x52a.google.com (mail-ed1-x52a.google.com [IPv6:2a00:1450:4864:20::52a]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0F6C1C151522 for <dnsop@ietf.org>; Tue, 27 Aug 2024 16:46:49 -0700 (PDT)
Received: by mail-ed1-x52a.google.com with SMTP id 4fb4d7f45d1cf-5becd359800so6773860a12.0 for <dnsop@ietf.org>; Tue, 27 Aug 2024 16:46:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kumari.net; s=google; t=1724802408; x=1725407208; darn=ietf.org; h=cc:to:subject:message-id:date:references:in-reply-to:from :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=uI9UIcnMw0o+zPxD5ORpkwsRd28Rq/alMeJyiKRyuY4=; b=O3nBaCaH+lUx4uug8J9f5Px0hREFHrxzNShG5wDcQ8MMna7knuXJVYJlIv2Bj8OyME 1O98BK8MetZbFIpB1SaH9zo2N1qYWe05cg07kh1OBjlIsW8tE4e1jpZz3Cu459QFly61 2/u9G6wnBObqBtjI4macmHniM67aS2zcwq46lAZ0zgcLmmRXkuDmdv4ZylZzYlk6odFh 8XHkuTxI2JIfjbBZefAxBQEEDpdENA8S3+8aaCREUfJKfL2AgxSIQ93gGMCa2IXqJTkG xTK9WnEhR2VZgM1BcnZbYHZEX9DfHz+JDun5Ur1nbYrxsX8ZeErMrvCJxiPR49Etjtnv zWaw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1724802408; x=1725407208; h=cc:to:subject:message-id:date:references:in-reply-to:from :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=uI9UIcnMw0o+zPxD5ORpkwsRd28Rq/alMeJyiKRyuY4=; b=ojE6uZo64E/VoyXrpz9kDG1bVZoaa553Uw9C6jjaCv47VqH/stouP4jmMRxA0We5+b UtnXKYFtg5sxichS6zW6y0m1CviymyIcERej94wADmd/uvPtW7Gzh/HA8nWAsr+N0gjb B+iuvngpgg4LMFnS0Zlxi0RnPeyWyHPlYDeSmRAqxzTg4m1SHKomX9+T6WqEZztZj1o4 1FwLcjgHS0jxIG3sE6ZBox9+p1a3bjtATmjXZMRz0X3BsPn5SZv9zGA6qWu65AKvnOGy JNRu4okWb8LXE8K6su0CRlEG683nJfCEE6lc9G0IdvK6T6CWtkyCk4Wl2Dj//rZo2cQR LXyw==
X-Forwarded-Encrypted: i=1; AJvYcCVLVTKYYFwM024eTvsVWw10G5NxryZA9VJbYw/HoeOwyMHBQKJhe8cXePRaTknOrcsg07Mb4g==@ietf.org
X-Gm-Message-State: AOJu0Yyb1epK867wC6MZ2LPiEwrww8QblWHUe+0BLTOEoMkIZxfR79RB qTLdHUg7gqdnotijIuRubpbhL4g15BhhK2hYHHt8VD2o25jgPsT0cZqvdK5LPwitQhgI98aHfDk 3Nei4eYU31dR9iNEjUMWAx6zB/SZXxY8gqD8Uo/IuYIKmvWhQ
X-Google-Smtp-Source: AGHT+IF0KcLgAgbz7ZVOFWxCK0hT9Wbs346qYaoWfPsORbEvLvI07315Vw2btqc+l8nTXObDHDJpXB6kYe3KEdACzUQ=
X-Received: by 2002:a05:6402:3709:b0:5be:e01c:6b5e with SMTP id 4fb4d7f45d1cf-5c214c62bf7mr158442a12.35.1724802407999; Tue, 27 Aug 2024 16:46:47 -0700 (PDT)
Received: from 649336022844 named unknown by gmailapi.google.com with HTTPREST; Tue, 27 Aug 2024 16:46:46 -0700
Mime-Version: 1.0
X-Mailer: Superhuman Desktop (2024-08-27T20:29:50Z)
X-Superhuman-ID: m0d2t2bt.38e63afc-a6dc-4b46-aecb-6ba98e75d154
X-Superhuman-Draft-ID: draft005950a46816d8a9
From: Warren Kumari <warren@kumari.net>
In-Reply-To: <cb326dc1-cee9-4369-9cb4-7ffc314e0eb3@isc.org>
References: <CAHw9_iL-ZwwA_pckR+=7SndOvqjfcNX9FjZ9Bim24uSYgTxkyw@mail.gmail.com> <98896B9D-259E-4E46-8DC7-E873D8B25F55@icann.org> <d9aed09d-b1c8-4ba1-9d4e-e83d504bfe40@nthpermutation.com> <65A596AD-1A4F-400A-9404-E2D60A54BE66@icann.org> <36118f44-d18d-443b-8aa8-007b8b62db3f@nthpermutation.com> <49523BCB-7747-44A2-97FA-8F46B238B4E0@icann.org> <cb326dc1-cee9-4369-9cb4-7ffc314e0eb3@isc.org>
Date: Tue, 27 Aug 2024 16:46:46 -0700
Message-ID: <CAHw9_iJ_xpJ4_WOPqkP6XjahiS01czO3=8fiAZbjUwTop7_zBA@mail.gmail.com>
To: Petr Špaček <pspacek@isc.org>
Content-Type: multipart/alternative; boundary="000000000000d646840620b2da0f"
Message-ID-Hash: LJ45GXE6FODK4VM6TQCL74ISXFEMFORP
X-Message-ID-Hash: LJ45GXE6FODK4VM6TQCL74ISXFEMFORP
X-MailFrom: warren@kumari.net
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dnsop.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Paul Hoffman <paul.hoffman@icann.org>, dnsop@ietf.org
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [DNSOP] Re: [Ext] Request: Review changes - draft-ietf-dnsop-rfc7958bis-03 → 04.
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/V2pRXasNDZesJmozossWoO-ewkU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Owner: <mailto:dnsop-owner@ietf.org>
List-Post: <mailto:dnsop@ietf.org>
List-Subscribe: <mailto:dnsop-join@ietf.org>
List-Unsubscribe: <mailto:dnsop-leave@ietf.org>

On Mon, Aug 26, 2024 at 11:51 AM, Petr Špaček <pspacek@isc.org> wrote:

> Hi everyone,
>
>
>
Hi everyone!

Thank you very much for your comments. We've had some discussions, and the
authors will be publishing a new version in the next few days addressing
these.

In addition, I will be deferring the IESG Evaluation / Balloting from this
telechat/cycle to the following one. I would really like to get this
published soon (so that the IANA can use it), but the document will benefit
from some more clarity / polish.

Thank you all very much again,
Warren.


I'm responding only to Paul's reaction to my previous comments.
>
> I don't want discuss IANA operational procedures here so I tried to focus
> on the XML and it's consumers.
>
> On 21. 08. 24 0:20, Paul Hoffman wrote:
>
> On Aug 10, 2024, at 08:21, Michael StJohns <msj@nthpermutation.com>
> wrote:
>
> On 8/9/2024 5:09 PM, Paul Hoffman wrote:
>
> On Aug 9, 2024, at 12:16, Michael StJohns <msj@nthpermutation.com> wrote:
>
> On Aug 15, 2024, at 02:43, Petr Špaček <pspacek@isc.org> wrote:
>
> I've re-reviewed the -04 version. It addresses the major problem of the
> format - the inability to represent some DNSSEC TAs.
>
> -04 changes resulted in some omissions in the new text, see below.
>
> 2.3. XML Example
>
> Between versions -03 and -04 we have lost text with explicit instructions
> how to reconstruct text representation of DS and DNSKEY. I'm fine with
> doing it in the new section 2.3 but there are two omissions in the -04
> text:
>
> A.
> Missing example of DNSKEY RR reconstruction. It was formerly present in
> the draft -03 section 2.4. Most notably -04 text is missing instruction
> about DNSKEY "Protocol" field which is not represented in the XML.
>
> I think it needs a reference to RFC 4034 section 2.1.2 and an unambiguous
> instruction that constant "3" needs to be put in place of the Protocol
> field of the DNSKEY RR under (re)construction.
>
> B.
> Missing instruction about implicit class "IN". RFC 4034 defined all RR
> types as class-independent. I think it's fine to say "add constant 'IN' and
> be done with this", but I'm not aware of any RFC which would say that
> non-IN classes are not to be ever used.
>
> I'm not understanding the threat model here. Are you saying that there
> might be validating resolvers who need a properly formatted DNSKEY record,
> but don't know how to put one together using the publickeyinfo? People
> wanted the document to be simpler, so we took out what was basically a
> restatement of RFC 4034.
>
> I did not mean to imply any security threat.
>
> It's simply that reader of the document cannot immediately see why certain
> fields of DNSKEY are not defined in the XML and their values have to be
> pulled out of thin air with no explicit instructions.
>
> Having said that, I agree with you that a reader of the document who knows
> DNSSEC lore can fill in these two fields without any real risk.
>
> I think it's wrong to leave things undefined in a document defining an
> interoperable file format but I don't insist on these two nits.
>
> C.
> Besides these two protocol omissions I think it would be good to expand
> the example to cover corner case created by optional publickeyinfo
> elements.
>
> I would recommend to base the 2.3 XML example section on the current
> version of http://data.iana.org/root-anchors/root-anchors.xml _with
> DNSKEY added_ for the 20326 keytag.
>
> I.e. we would show three KeyDigest elements:
> - 19036 which is expired (validUntil in the past)
> - 20326 which is currently valid and also contains (PublicKey, Flags)
> - 38696 which is also valid but does NOT contain (PublicKey, Flags)
>
> Is this important enough for us to have to do a new draft?
>
> See below. I think it is.
>
> Then the text should show how to reconstruct:
> - DS set with two valid DSes (20326, 38696)
> - DNSKEY set with just one DNSKEY (20326 only because material for 38696
> is missing)
>
> Again, I'm not seeing the value to restating RFC 4034 here.
>
> Sorry but no, this has nothing to do with RFC 4034. It's limitation of the
> proposed XML format which has an optional field. That optional feature
> makes the format internally inconsistent for different groups of readers -
> depending on whether the reader implementation looks at Digest or
> publickeyinfo elements.
>
> ... and say that the relying party needs to deal with this discrepancy
> between DS and DNSKEY sets.
>
> We already have that in the Security Considerations.
>
> I can't see any words about DS vs. DNSKEY set mismatch in the current
> Security Considerations section. Are they somewhere else I could not find
> them?
>
> Personally I still think it's a mistake to make publickeyinfo optional but
> with the current safeguards in place (last paragraph of sect 3.2) I'm
> hesitantly okay with leaving it optional.
>
> If we make it mandatory, then the current trust anchor file, and all
> previous trust anchor files, are invalid. We thought it was better to keep
> them valid.
>
> I don't think it's an useful goal. Allow me to explain:
>
> - Old versions of existing software either:
> a) deal with the extended format
> b) or will break when the optinal publickeyinfo is actually present.
> That's same no matter if publickeyinfo is optional or not.
>
> - IANA is reportedly eager to have the new format published ASAP. It
> implies the time window where a new versions of the software can see an old
> version of the file is probably very small. Consequently, new software can
> rely on the new parser for all new XML files.
>
> - Old files are by definition (semantically) problematic for relying
> parties - nobody should be using an old XML if they are setting up trust
> anchors! It just does not make sense security-wise. I would call it a
> feature that new software will refuse to work with an obsolete TA
> definition!
>
> - The only remaining use-case I can see then are researchers looking at
> historical XMLs. I would say the number of XML files through history is so
> low that it's not worth worrying about.
>
> In other words:
> I would recommend making publickeyinfo mandatory which removes nasty
> corner cases discussed above (and below).
>
> Or if making it mandatory is not an option then please add warnings and an
> example to the text to attract attention to the inherent DS vs. DNSKEY set
> inconsistency.
>
> 5. IANA Considerations
>
> I wonder if this section needs some words about how to handle REVOKE flag
> and similar DS-hash-affecting situations. Setting REVOKE flag on a (former)
> TA will change its DS hash. This means that a relying party which stored
> just the DS RR cannot match pre-REVOKEd and post-REVOKEd DS.
>
> Maybe IANA should have an instruction to NOT include REVOKEd TAs in the
> file at all? Or maybe IANA should included only the pre-REVOKEd DS hash
> with validUntil set to the past?
>
> This mess is partially a consequence of the former refusal to assign any
> meaning to KeyDigest.id <http://keydigest.id/> elements so the relying
> parties have a new guesswork to do when matching old and new trust anchors,
> but I gather this was already discussed (and refused to change) on the
> mailing list... So let's not open that question again and deal only with
> the consequences.
>
> I'm not sure what to do about this.
>
> IANA is aware of all of these choices, and I think it is reasonable to let
> them decide. If you want to have them think more about this, they have the
> public mailing list for input.
>
> Fair enough, let's not prescribe operational mechanics for IANA.
>
> Maybe we can add a paragraph roughly like this into Security
> Considerations?
>
> ---
> Relying parties need to implement TA matching very carefully. A single TA
> represented by a KeyDigest element can potentially change its Digest and
> KeyTag values between two versions of the TA XML, e.g. when key is revoked
> or another DNSSEC flag changes. Relying parties which fail to take this
> property into account are at risk of using incorrect TA set.
> ---
>
> If the format keeps publickeyinfo element as optional then another
> paragraph is in order. E.g.:
> ---
> Relying parties which depend on the optional publickeyinfo element are at
> risk of not seeing TAs published without this optional element.
> Consequently different parties who ingest the same XML at the same time can
> produce different set of trust anchors.
> ---
> If the publickeyinfo element is mandatory this problem goes away and we
> don't need to talk about it here.
>
> I hope it helps.
>
> --
> Petr Špaček
> Internet Systems Consortium
>
> _______________________________________________
> DNSOP mailing list -- dnsop@ietf.org
> To unsubscribe send an email to dnsop-leave@ietf.org
>